Forum Discussion

Thomas Bak's avatar
Thomas Bak
Brass Contributor
Sep 28, 2016
Solved

SharePoint Online auto-acceleration

Has anyone enabled auto-acceleration in their SPO tenant?   I'm mainly responsible for SharePoint so IT owns the overall responsibility for our tenant and are careful about enabling this due to the...
hybrid
SharePoint Online
  • StephenRice's avatar
    StephenRice
    Oct 03, 2016
    Hi Thomas,

    I actually helped build and design this feature so I should be able to answer any questions you might have. Setting the auto-acceleration domain to a space should de-activate the feature.

    The case you mention is when a company has multiple identity providers (such as ADFS) for their users. The common case we see for this is when a company has an IdP for different regions. For example, perhaps Microsoft employees in the US authenticate at Microsoft.com while UK employees authenticate at Microsoft.uk. Because we can only send one domain hint to AAD, acceleration can only take one of these values. If you were to enter Microsoft.com as your auto-acceleration value, UK employees would be directed to Microsoft.com with no clear way to get to their normal authentication path.

    Hope that helps!

    Stephen Rice
Thomas Bak's avatar
Thomas Bak
Brass Contributor
Oct 03, 2016

Thanks Stephen, I think that clears it up for me.

I'm pretty confident that we should be able to set the auto-acceleration based on that information.

 

Can you tell me how fast this setting kicks in, e.g. is it immediate when accessing a site in our domain or should we expect a slight delay? And de-activation will have the same timeframe?

Chris Moore's avatar
Chris Moore
Copper Contributor
Oct 27, 2016

When we enabled this, it was fairly quick to take effect; I would also imagine disabling would be the same.

 

We are encountering some side-effects since enabling it however; working on 3rd party SharePoint Online extranet sites at the same time as working on internal SPO sites (i.e. in different browser tabs) is hiking up some odd behaviours with page loading and form saving, effectively looking like the user is no longer authenticated.

 

I've logged an SR for this, so will see how it proceeds.

  • StephenRice's avatar
    StephenRice
    Icon for Microsoft rankMicrosoft
    Oct 27, 2016

    Hi Chris,

     

    Can I get some more detail on what is happening? When you say you are accessing a 3rd party SPO extranet site, is this inside of your company (a site you have set up for external partners) or are you accessing another company's SPO tenancy (with extranet)? Thanks!

    • Chris Moore's avatar
      Chris Moore
      Copper Contributor
      Oct 28, 2016

      Hi Stephen,

       

      The 3rd party is another company entirely - one of our suppliers, who has shared out sites to us from their own tenant.

       

      I'm struggling to see why this would have caused issues, as I beleived the setting effectively only adds a header to the request being sent to the login page, confirming which home realm to use for pages requested on our tenant; so it theoretically shouldn't affect other tenants? Unless there's something happening to the auth cookie(s), I'm at a loss right now.

       

      Cheers,

       

      Chris.

       

       

       

      • StephenRice's avatar
        StephenRice
        Icon for Microsoft rankMicrosoft
        Oct 28, 2016

        Hi Chris,

         

        You are correct, the auto-accleration feature simply adds an additional parameter to the login URL when accessing sites in your tenant. It should have no effect on authentication in a different tenant. Something messing with the auth cookies is the only explanation I can come up with but I can't think of anything that would actually cause it. Sorry!

         

        Stephen Rice

Resources