Forum Discussion

Eric Adler's avatar
Eric Adler
Iron Contributor
Nov 21, 2016

Expected login experience with ADFS

With ADFS set up I expected that the user experience would be:   1. Open browser 2. Click link to Office 365 app (SharePoint, Planner, etc..) 3. App opens (user is authenticated)   Recently I w...
office 365
sharepoint
Steven Collier's avatar
Steven Collier
MVP
Nov 21, 2016

What's displaying the links in step 2 ?

 

In general when you visit Office 365 it needs to ask you who you are in order to send you to your adfs service, if your adfs does an integrated login then it'll not prompt you but log you in. There are ways to avoid this step where you first need to tell Office 365 who you are :-

 

1. Go to mail at https://outlook.office.com/owa/?realm=yourtenantdomain

2. Access a SharePoint site with acceleration enabled as per https://support.office.com/en-gb/article/Enable-auto-acceleration-for-your-SharePoint-Online-tenancy-74985ebf-39e1-4c59-a74a-dcdfd678ef83?ui=en-US&rs=en-GB&ad=GB

3. Build idP smartlinks as per https://blogs.msdn.microsoft.com/jvasil/2014/05/08/o365-limiting-authentication-prompts/

 

We have SharePoint as our homepage, users very rarely get prompted.

  • Chris Laycock's avatar
    Chris Laycock
    Iron Contributor
    Jul 03, 2017

    Hi, we have been successfully using an IdP SmartLink to https://portal.office.com/ via our ADFS server for over 18 months UNTIL 4 days ago... when all of a sudden it stopped seamlessly logging users in to their portal page - instead prompting for their O365 identity.

     

    I have a ticket logged; however, Microsoft's reponse is that they cannot control the smartlinks created by users - and to recreate them.

     

    Can anybody offer any suggestions as to what may have changed in our environment?  is there an expiry or cache time on smartlinks?

    • bart_vermeersch's avatar
      bart_vermeersch
      Iron Contributor
      Jul 03, 2017

      We also started experiencing SSO issues a few weeks ago. For the moment we don't have a clue of the cause. Users are prompted for credentials again, while in the past they were logged in automatically using SSO.

      • Chris Laycock's avatar
        Chris Laycock
        Iron Contributor
        Jul 04, 2017

        bart_vermeerschand others here.  My team have been able to correct this issue today.

        Unfortunately we are not 100% sure of what the fix was; however, rebooting the AD FS Server and making some modifications to a group policy has appeared to correct the issue.

         

        I also have a formal response to the ticket submitted to Microsoft, with suggested troubleshooting if you want me to send it through.

    • VasilMichev's avatar
      VasilMichev
      MVP
      Jul 03, 2017

      Might help if you give us example of the smart link you use.

      • Chris Laycock's avatar
        Chris Laycock
        Iron Contributor
        Jul 03, 2017
        Hi, don't seem to be able to post the smartlink. Post is deleted each time I post it.
  • Eric Adler's avatar
    Eric Adler
    Iron Contributor
    Nov 21, 2016
    This is great!!

    What we're seeing is the need to click on your user name and/or enter email address before it redirects to the ADFS. This seems to align with your description.

    Thank you!
    • VasilMichev's avatar
      VasilMichev
      MVP
      Nov 22, 2016

      Just to add that you can get the persistent cookie by adding &LoginOptions=1 at the end of the smart link, if you decide to go that route.

Resources