SSO login instead of landing page

Home
SSO login instead of landing page
 06-20-2017
14 Comments (14 New)
Completed

When my users click a link to a video, it takes them to the landing page instead of loging them in directly using our SSO. they think that they need to signup for something.

 

can this be setup to automatically login with SSO like the rest of office 365? If i already have a browser up and logged in to office365, then it goes in, but we dont normally do that as we are only beginning to test Office365.

7 Upvote
Comment
Comments
Microsoft
Hi @TheGripper Microsoft uses the same authentication for login as O365 using your AAD credentials. You will be automatically signed in if you have a valid Stream license and have authenticated into some AAD based resource before (Office 365, Power BI, Flow, PowerApps, etc, etc) on that browser.

One thing to keep in mind is during preview of Microsoft Stream, users will need to sign up for using the service manually (or an administrator can set licenses for everyone), but it is not yet included in O365 (since it's in preview). Can you confirm that users have the correct license for Stream?
Regular Contributor

yeah, that is my problem, nobody is going to be authenticated to any AAD resource until they click this link.

 

I do have all 1520 users licensed. we thought a neat test would be our daily CEO briefings, since it didnt require functionality like "attendace" tracking.

 

but with the link taking us to the landing page and not the login page when not pre-authenticated, its a non-starter for us.

 

 

Microsoft

@TheGripper can you help clarify a few questions.

  1. Are all users are assigned a Stream licence specifically or just and Office 365 license?
  2. Your initial statement was that "can this be setup to automatically login with SSO like the rest of office 365". Stream uses the same sign-in as Office 365 and the same method for login (so long as the user has a Stream license assigned to them). Are you meaning automatically SSO like other websites like Office online or do you mean other clients like Outlook or Word?
  3. As per number 2, Office 365 is an AAD based resource.  Can you help us clarify what you mean by the second post, "nobody is going to be authenticated to any AAD resource until they click this link"? If the answer to number 2 is that you meant like other websites, then this SSO should work fine.

 

 

Regular Contributor

1. All users are assigned a Stream license and an Offic365 license that includes stream.

2. i was referring to links for other web-based services on office365: Video, Groups, Onedrive, etc.

3. We are a totally on-premise Windows 7 environment. if a user clicks a shared resource for something in office365, they are taken to login.microsoftonline.com, enter their UPN and then are redirected silently to on-Premise ADFS, given a token and sent back to the resource.

 

for example: someone trying out onedrive saves a document in One Drive, then shares the document and sends the link to another employee. when that 2nd employee clicks the link, they are bounced through the authenication  as listed above.

 

when we do the same thing with stream, it just takes us to the stream landing page. something is different.

links to Video are in the format:

https://MyFirm.sharepoint.com/portals/hub/_layouts/15/PointPublishing.aspx?app=video&

Stream is https://web.microsoftstream.com/video/xxxx075a-xxxx-43b8-xxx-3d3141xxxb7cx

 

 

 

Microsoft
Status changed to: Completed
 
New Contributor

We have the same issue with Microsoft Stream. When we send a link to our users and they click on it, they get the landing page of Microsoft Stream with the Sign In button on the top right instead of getting the login page. Our users are not always sign-in to an AAD resource when they click on the link inside their email. This is a issue for us and I which this could get fixed.

Occasional Contributor

@Amit Rajput this should definitely not be marked as completed. 

 

I'm in the same boat as the above users where a link to a particular video on Stream brings a user who hasn't recently logged into an O365 resource to the Stream product landing page https://stream.microsoft.com/en-us/  Users are definitely confused by the fact that they need to find and click either the Sign in button in the top right or the GET STARTED button and then Sign in.

New Contributor

This needs to get fixed. Services accross O365 should provide the exact sign in behaviour. This causes confusion for users and make no sense at all.

Microsoft

@Noah Souza Thanks for your message.  In the context of this idea, SSO is working as intended.  Single sign on works based on a combination of user credentials in the browser, as well as the tenant environment.  If a user has valid credentials for any AAD based resource, and their credentials are valid based on your tenant admin's configuration, it will automatically sign the user in. Single sign on is meant to be able to utilize a login from a different service to sign in to Stream.  At the time of this idea, Stream required specific credentials to sign in, now it automatically logs in based on being logged in from any AAD based resource such as Office 365 services.

  

There are situations based-on your admin's configuration, whether you have a hybrid-on premises environment that can cause issues with sign in if not configured correctly with Azure AD Connect with proper syncing mechanisms in place.  Additionally, there are other situations with continuous access policies set up by your admin that can block SSO.

 

Now the case you are describing is when the user doesn't have a valid set of credentials for an AAD based resource and has to sign in, or they have expired. In this case, SSO does not apply.  In this case we currently take them to a landing page, where they have the chance to sign in or sign up in the case that they don't have a Stream account.  We are currently working on improving this sign in page to make it easier for users to understand so we really do appreciate the feedback. 

 

Senior Member

@Amit Rajput Thank you for your response.  I'm still confused why the landing page is a step at all.  As example, if I provide a link to a form in Forms, unauthenticated users end up on a login prompt and the same is true for a link to a Sway or a Channel in Teams.  It's just a poor user experience when linking to a specific resource.  I think you're focusing too much on the "SSO" in the original post and not on the fact that they're really complaining about the landing page.  The response made sense while Stream was in Preview but unless I'm misunderstanding it's fully released now.  We're trying to follow official guidance to use Stream since we hadn't invested in the O365 Video Portal but this landing page situation is causing tons of confusion among users to the point where our rollout is at risk of failing.  Is there an estimated date for the removal of this extra step that you could share with me and @Patrick Alphonso?

Regular Visitor

Hi @Amit Rajput,

 

Have your tired  https://web.microsoftstream.com/video/*******?noSignUpCheck=1 this will bypass the sigin page and goes right into Pick an account.  I'm looking for something to bypass this screen and go right to my ADFS server. 

 

Mike 

Occasional Contributor

@Michael Sharp While I agree that ideally a user should be directed to ADFS this at least skips the splash page which is a step in the right direction. Thanks for sharing!

@Noah Souza any progress with this? We're in similar boat whereby we'd rather be directed to a login page instead of the Stream home page which is confusing to users. I'm about to try @Michael Sharp's advice to add noSignUpCheck=1 to the URL and hope this helps.

 

@Michael Sharp, any other hidden URL gems? Could it be that there is a sign-on domain option that could be used to route directly to the SSO/ADFS login? 

 

:)

Similar Ideas
No similar ideas