Forum Discussion
Single Sign On to Teams
Are you synchronising your on-premises AD to Azure AD with Azure AD Connect? If so, you can configure Seamless Single Sign on via Passthrough Authentication (PTA), or Password Hash Synchronisation (PHS). Check out - https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso
Users will most likely still need to sign in to Teams and other O365 Apps the first time they are setup and accessed (this quite often throws people), but after that, it should work nicely.
Thanks for this!
That was the guide I used, I have everything set as it describes but it still doesnt automatically sign in and the tests dont seem to work.
I can figure out what I have missed
If I turn off multi factor authentication, it does login automatically, although in the logs there does seem to be some errors relating to SSO
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- warning -- SSO: ssoerr - (status) Unable to get errCode. Err:Error
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- event -- Microsoft_ADAL_api_id: 13, Microsoft_ADAL_correlationId: 09844004-31fd-46c4-8004-6262138bb32d, Microsoft_ADAL_response_rtime: 2180, Microsoft_ADAL_api_error_code: caa10001, vdiMode: 2022, eventpdclevel: 2,
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- warning -- SSO: ssoerr - (status) Unable to get errCode. Err:Error
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- SSO: SSO requires credential. Status: caa10001. Attempting windows auth.
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- SSO requires credential. Status: caa10001. Attempting windows auth. diag:1
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- event -- status: success, scenario: 5c687ae7-55d2-4cad-9e30-22fa2521842a, scenarioName: desktop_wia, name: desktop_wia, step: start, sequence: 0, delta: 0, scenarioDelta: 0, elapsed: 4396, stepDelta: 0, vdiMode: 2022, eventpdclevel: 2, Scenario.Name: desktop_wia, Scenario.Step: start, Scenario.Status: success,
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- event -- status: success, scenario: 5c687ae7-55d2-4cad-9e30-22fa2521842a, scenarioName: desktop_wia, name: desktop_wia, step: stop, sequence: 1, delta: 676, scenarioDelta: 676, elapsed: 5072, stepDelta: 676, vdiMode: 2022, eventpdclevel: 2, Scenario.Name: desktop_wia, Scenario.Step: stop, Scenario.Status: success,
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- SSO requires credential. Status: caa10001. Windows auth. diag:1
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- SSO: SSO requires credential. Status: caa10001. Windows auth.
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- event -- Microsoft_ADAL_api_id: 13, Microsoft_ADAL_correlationId: b62f1f62-b4a6-45c3-9675-96598bbf28e6, Microsoft_ADAL_response_rtime: 16, Microsoft_ADAL_api_error_code: 0, vdiMode: 2022, eventpdclevel: 2,
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- Hold tight! We're getting you connected. diag:0
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- adalsso:statusChanged to: Hold tight! We're getting you connected.
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- Login successful, fetching tokens. diag:1
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- SSO: Login successful, correlationId:b62f1f62-b4a6-45c3-9675-96598bbf28e6
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- Hold tight! We're getting you connected. diag:0
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- adalsso:statusChanged to: Hold tight! We're getting you connected.
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- https://api.spaces.skype.com completed with status . Proceeding to fetch id_token. Should be silent. diag:1
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- SSO: https://api.spaces.skype.com completed
with status . Proceeding to fetch id_token. Should be silent.
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- AuthStateService: nativeWamEnabled:false
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- Upn silent sign is successful
Thu May 07 2020 16:48:15 GMT+0100 (British Summer Time) <480> -- info -- Feature disabled enableUpnSilentSignin
Thu May 07 2020 16:48:16 GMT+0100 (British Summer Time) <480> -- event -- Microsoft_ADAL_api_id: 13, Microsoft_ADAL_correlationId: 9db3fa58-e6b8-452d-b443-88c448e689e5, Microsoft_ADAL_response_rtime: 292, Microsoft_ADAL_api_error_code: 0, vdiMode: 2022, eventpdclevel: 2,
Thu May 07 2020 16:48:16 GMT+0100 (British Summer Time) <480> -- info -- Hold tight! We're getting you connected. diag:0
Thu May 07 2020 16:48:16 GMT+0100 (British Summer Time) <480> -- info -- adalsso:statusChanged to: Hold tight! We're getting you connected.
Thu May 07 2020 16:48:16 GMT+0100 (British Summer Time) <480> -- info -- Login successful, fetching tokens. diag:1
Thu May 07 2020 16:48:16 GMT+0100 (British Summer Time) <480> -- info -- SSO: Login successful, correlationId:9db3fa58-e6b8-452d-b443-88c448e689e5How was MFA applied before you turned it off? Was it directly assigned or assigned via Conditional Access?
Yes everything is as it says in the guide.
In the Teams logs I've noticed the error code 4c7.
I think it explains it here - https://appuals.com/microsoft-teams-connection-issues/
We do have an AD FS server (on Server 2012 R2) for a couple of other things.
I've followed the steps but it hasnt worked yet!
Thanks for your help 🙂