Forum Discussion
Skype for Business Mobile App + Smart Card Required
I'm using Skype for Business via my Office365 subscription and my domain in Office365 is federated against my on-prem ADFS-infrastructure. My user in the local AD has the option "Require Smart Card for interactive logon" enabled, which means that I do not know my own AD-password.
When I tried to log in to Skype for Business on my Android phone, the app wanted my username and password to sign in, but unfortunately the password is unknown to me since I have "Require Smart Card for interactive logon" enabled in local AD.
Is there any way for me to get the Skype for Business app to work on my phone (Android & iOS) without knowing my own AD-password?
MA will not help in this case as the Skype Business Mobile app will still require you to enter a username and password.
23 Replies
- shawn harry (Iron Contributor)
Have a look at Certificate Based Authentication. This may be a suitable option for sign in as neither the username nor password is required to log in.
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-certificate-based-authentication-ios
Unfortunately the mobile client doesn't support auth methods different from username/password, as Jean-Philippe Breton mentioned above.
- shawn harry (Iron Contributor)
The table in the link I pasted seems to indicate CBA is supported for SfB Mobile when using SfBO.
Also this link here shows the supported topologies for Modern Auth which includes CBA for SfBO in the first table - Cloud Only. This is probably the best link on TechNet for understanding the technical nuances between each topology and what's available with each.
https://technet.microsoft.com/en-us/library/mt803262.aspx
- Jean-Philippe Breton (Iron Contributor)
Unfortunately, the scenario you describe is probably not supported.
The mobile client was not designed to support Smart-Card.
JP
Have you enabled Modern authentication for your tenant (both SfB and ExO)? Also, is the password prompt directly from the app, or does it redirect you to the AD FS server first?
The steps to enable MA are here: https://social.technet.microsoft.com/wiki/contents/articles/34339.skype-for-business-online-enable-your-tenant-for-modern-authentication.aspx
- jocke andersson (Copper Contributor)
Modern authentication is not enabled in the tenant for SfB or ExO.
The password prompt is directly from the application, it does not redirect me to my ADFS login page.
Actually the SfB mobile application requires a password before it's even possible to sign in, I'm unable to continue without specifying a password (the arrow button is grayed out).
That's where MA should help. Though I've had limited success in actually making it work on mobile devices (well, Windows Phone).
Once you enable MA, it should redirect you to the AD FS server, where you can surface additional auth options.