


Usually, this issue occurs on a client computer or on a group of client devices. This issue may occur for all users and client computers if single sign-on (SSO) isn't fully functional. SSO might not be fully functional if the client settings weren't correctly set up. The following client device situations may cause this issue:

- The client device is receiving incorrect name resolution for the AD FS Federation service from the internal split-brain DNS implementation.
- If an Internet proxy server is configured on the computer, the AD FS Federation service name may not be added to the proxy bypass list.
- The AD FS Federation service name may not be added to the Local Intranet security zone in Internet Options settings.
- The client computer isn't authenticated to Active Directory Domain Services.
- The third-party web browser doesn't support Extended Protection for Authentication to the AD FS Federation service.
- The federation metadata endpoint may be hardcoded in the registry because of an earlier Office 365 Beta installation of the SSO Management Tool.
- The AD FS service endpoint that's required for a specific client application is disabled.

Before you continue, make sure that the following conditions are true:

- Access problems aren't limited to rich client applications on the client computer. If only rich client authentication (as opposed to browser-based authentication) isn't working, it more likely indicates a rich client authentication issue. For example, it may be an issue that's related to the prerequisites or the configuration of the rich-client application. For more information, see the following Microsoft Knowledge Base article: 2637629 How to troubleshoot non-browser apps that can't sign in to Office 365, Azure, or Intune
- SSO authentication doesn't fail for all SSO-enabled user accounts. If all SSO-enabled users experience the same symptoms, it more likely indicates a federation issue.
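The first four client-side causes listed above (name resolution, proxy bypass, security zone, domain membership) can be checked in one pass on an affected client. This is an added example for Windows PowerShell 5.1, not part of the original article; the function name `Test-AdfsClientReadiness`, the service name `sts.contoso.com` and the address `10.0.0.10` are assumed placeholders.

```powershell
# Added example: client-side SSO checks for an AD FS Federation service name.
# Run as the affected user on the affected client (Windows PowerShell 5.1).
function Test-AdfsClientReadiness {
    param(
        [Parameter(Mandatory)] [string]   $FederationServiceName,   # placeholder, e.g. sts.contoso.com
        [Parameter(Mandatory)] [string[]] $ExpectedInternalAddress  # placeholder internal AD FS address(es)
    )
    $url = [uri]"https://$FederationServiceName/"

    # 1. Split-brain DNS: an internal client should receive only the internal address.
    $resolved = @(Resolve-DnsName -Name $FederationServiceName -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
    $unexpected = @($resolved | Where-Object { $_ -notin $ExpectedInternalAddress })
    $dnsOk = ($resolved.Count -gt 0) -and ($unexpected.Count -eq 0)

    # 2. Proxy bypass: $true means requests to the service do not go through a proxy
    #    (either no proxy is configured or the name is on the bypass list).
    $bypassed = [System.Net.WebRequest]::GetSystemWebProxy().IsBypassed($url)

    # 3. Security zone that the current user's Internet Options map the URL to.
    $zone = [System.Security.Policy.Zone]::CreateFromUrl($url.AbsoluteUri).SecurityZone

    # 4. Domain membership. This shows the computer is joined, not that the
    #    current logon was validated by a domain controller.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    [pscustomobject]@{
        FederationService = $FederationServiceName
        ResolvedAddresses = $resolved -join ', '
        DnsMatchesInternal = $dnsOk
        ProxyBypassed     = $bypassed
        SecurityZone      = $zone
        InLocalIntranet   = ($zone -eq [System.Security.SecurityZone]::Intranet)
        DomainJoined      = $cs.PartOfDomain
        Domain            = $cs.Domain
    }
}

# Placeholder values; substitute the real service name and internal address.
Test-AdfsClientReadiness -FederationServiceName 'sts.contoso.com' -ExpectedInternalAddress '10.0.0.10'
```

Any `False` in `DnsMatchesInternal`, `ProxyBypassed`, `InLocalIntranet` or `DomainJoined` points at the corresponding cause in the list.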
