Forum Discussion
Connect-SPOService : Could not authenticate to SharePoint Online
Hi
I am unable to connect to SPO from SharePoint online management shell (6802.1200) using my federated account (no MFA set). I am executing command:
Connect-SPOService -Url https://TENANTNAME-admin.sharepoint.com
My response is:
Connect-SPOService : Could not authenticate to SharePoint Online
https://TENANTNAME-admin.sharepoint.com/ using OAuth 2.0
At line:1 char:1
+ Connect-SPOService -Url https://TENANTNAME-admin.sharepoint.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], Authenti
cationException
+ FullyQualifiedErrorId : Microsoft.Online.SharePoint.PowerShell.Authentic
ationException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService
I am able to connect using cloud only account using with using something like this:
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential
Can you please help me to use federated account to connect to SPO?
Thanks
- ChrisWalljasperCopper Contributor
I'm having the opposite issue, but I was getting this error after a recent registry edit I made while trying to bypass modern authentication for a script. Here is the related article I found and the registry key I created which causes this error, you might want to check for this key:
[HKEY_CURRENT_USER\Software\Microsoft\SPO\CMDLETS]
"ForceOAuth" = dword:00000001
https://docs.microsoft.com/en-us/sharepoint/troubleshoot/security/cannot-force-modern-authentication
- Michael_PikolonCopper ContributorThis worked for me! (after a restart)
- Deleted
you really need to get prompted for authentication as MFA is enabled.
Don't know what you are trying but i would look into the PNP powershell commands which have the complete settings.
Passing the -Credentials parameter bypasses ADAL (i.e. switches to legacy auth), so you seem to have some issue with ADAL/Modern authentication. Do you get the ADAL dialog when you run the first cmdlet?
- Ladislav ZvadaCopper Contributor
I do not get the ADAL dialog at all when using connect-sposervice from powershell, but i do get the ADAL window when running Connect-MsolService from the same powershell window on the same machine and i am able to connect to azure ad.
The error message i am getting instead of expected login dialog window is:
PS C:\WINDOWS\system32> Connect-SPOService -Url https://tenantname-admin.sharepoint
.com
Connect-SPOService : Unable to cast object of type
'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.InteractiveWebUI' to
type 'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.IWebUI'.
At line:1 char:1
+ Connect-SPOService -Url https://tenantname-admin.sharepoint.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], InvalidC
astException
+ FullyQualifiedErrorId : System.InvalidCastException,Microsoft.Online.Sha
rePoint.PowerShell.ConnectSPOServiceIf i include -Credential parameter, it is not succeeding with federated account, only with cloud only account i am able to login to SPO.
I'd say reinstall the module.