Forum Discussion

Ladislav Zvada's avatar
Ladislav Zvada
Copper Contributor
Aug 22, 2017

Connect-SPOService : Could not authenticate to SharePoint Online

Hi

I am unable to connect to SPO from SharePoint online management shell (6802.1200) using my federated account (no MFA set). I am executing command:

Connect-SPOService -Url https://TENANTNAME-admin.sharepoint.com

My response is:

Connect-SPOService : Could not authenticate to SharePoint Online
https://TENANTNAME-admin.sharepoint.com/ using OAuth 2.0
At line:1 char:1
+ Connect-SPOService -Url https://TENANTNAME-admin.sharepoint.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Connect-SPOService], Authenti
   cationException
    + FullyQualifiedErrorId : Microsoft.Online.SharePoint.PowerShell.Authentic
   ationException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService

 

I am able to connect using cloud only account using with using something like this:

Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential

 

Can you please help me to use federated account to connect to SPO?

Thanks

  • ChrisWalljasper's avatar
    ChrisWalljasper
    Copper Contributor

    Ladislav Zvada 

    I'm having the opposite issue, but I was getting this error after a recent registry edit I made while trying to bypass modern authentication for a script. Here is the related article I found and the registry key I created which causes this error, you might want to check for this key:

    [HKEY_CURRENT_USER\Software\Microsoft\SPO\CMDLETS]

    "ForceOAuth" = dword:00000001

    https://docs.microsoft.com/en-us/sharepoint/troubleshoot/security/cannot-force-modern-authentication

  • you really need to get prompted for authentication as MFA is enabled.

    Don't know what you are trying but i would look into the PNP powershell commands which have the complete settings.

  • Passing the -Credentials parameter bypasses ADAL (i.e. switches to legacy auth), so you seem to have some issue with ADAL/Modern authentication. Do you get the ADAL dialog when you run the first cmdlet?

    • Ladislav Zvada's avatar
      Ladislav Zvada
      Copper Contributor

      I do not get the ADAL dialog at all when using connect-sposervice from powershell, but i do get the ADAL window when running Connect-MsolService from the same powershell window on the same machine and i am able to connect to azure ad.

      The error message i am getting instead of expected login dialog window is:

      PS C:\WINDOWS\system32> Connect-SPOService -Url https://tenantname-admin.sharepoint
      .com
      Connect-SPOService : Unable to cast object of type
      'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.InteractiveWebUI' to
      type 'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.IWebUI'.
      At line:1 char:1
      + Connect-SPOService -Url https://tenantname-admin.sharepoint.com
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : NotSpecified: (:) [Connect-SPOService], InvalidC
         astException
          + FullyQualifiedErrorId : System.InvalidCastException,Microsoft.Online.Sha
         rePoint.PowerShell.ConnectSPOService

       

      If i include -Credential parameter, it is not succeeding with federated account, only with cloud only account i am able to login to SPO.

Resources