Aug 22 2017
04:09 AM
- last edited on
Feb 10 2023
02:36 PM
by
TechCommunityAP
Aug 22 2017
04:09 AM
- last edited on
Feb 10 2023
02:36 PM
by
TechCommunityAP
Hi
I am unable to connect to SPO from SharePoint online management shell (6802.1200) using my federated account (no MFA set). I am executing command:
Connect-SPOService -Url https://TENANTNAME-admin.sharepoint.com
My response is:
Connect-SPOService : Could not authenticate to SharePoint Online
https://TENANTNAME-admin.sharepoint.com/ using OAuth 2.0
At line:1 char:1
+ Connect-SPOService -Url https://TENANTNAME-admin.sharepoint.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], Authenti
cationException
+ FullyQualifiedErrorId : Microsoft.Online.SharePoint.PowerShell.Authentic
ationException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService
I am able to connect using cloud only account using with using something like this:
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential
Can you please help me to use federated account to connect to SPO?
Thanks
Aug 22 2017 07:13 AM
you really need to get prompted for authentication as MFA is enabled.
Don't know what you are trying but i would look into the PNP powershell commands which have the complete settings.
Aug 22 2017 11:36 AM
Passing the -Credentials parameter bypasses ADAL (i.e. switches to legacy auth), so you seem to have some issue with ADAL/Modern authentication. Do you get the ADAL dialog when you run the first cmdlet?
Aug 23 2017 11:28 PM
I do not get the ADAL dialog at all when using connect-sposervice from powershell, but i do get the ADAL window when running Connect-MsolService from the same powershell window on the same machine and i am able to connect to azure ad.
The error message i am getting instead of expected login dialog window is:
PS C:\WINDOWS\system32> Connect-SPOService -Url https://tenantname-admin.sharepoint
.com
Connect-SPOService : Unable to cast object of type
'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.InteractiveWebUI' to
type 'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.IWebUI'.
At line:1 char:1
+ Connect-SPOService -Url https://tenantname-admin.sharepoint.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], InvalidC
astException
+ FullyQualifiedErrorId : System.InvalidCastException,Microsoft.Online.Sha
rePoint.PowerShell.ConnectSPOService
If i include -Credential parameter, it is not succeeding with federated account, only with cloud only account i am able to login to SPO.
Aug 23 2017 11:31 PM
I'd say reinstall the module.
Aug 24 2017 04:06 AM
If i install the module to fresh machine, i am getting the login window and i am able to authenticate and connect to SPO, if i logoff from that machine and login using different user, i am not getting the login window and cannot connect to SPO, this behavior is consitent in my envrionment on all machines i tested, i tested with azure ad module for win powershell and cannot reproduce that behavior, i do not have more time to troubleshoot this, so i am happy it can work for me (if i install and use the sp mgmt shell using the same user account), but looks like some bug in the sp mgmt module, if anyone else is experiencing this or has a solution please let me know, thanks
Jun 07 2018 06:46 AM
I faced the similar problem.
We do have MFA enabled and for me I got the popup for credentials but did not asked me for MFA code.
below is what I got.
Connect-SPOService : Could not authenticate to SharePoint Online
https://site/ using OAuth 2.0
At line:1 char:1
+ Connect-SPOService https://site/
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], Authenti
cationException
+ FullyQualifiedErrorId : Microsoft.Online.SharePoint.PowerShell.Authentic
ationException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService
Aug 03 2018 03:25 AM
Same issue. We also have MFA.
connect-sposervice =>
connect-sposervice : Could not authenticate to SharePoint Online using OAuth 2.0
Oct 31 2018 09:10 PM
I had this issue and realised i was using http rather than https for my sharepoint url.
try changing that.
Also connect using
connect-sposervice -url https://<TenantAdminUrl>.sharepoint.com
Feb 05 2020 09:32 AM
I'm having the opposite issue, but I was getting this error after a recent registry edit I made while trying to bypass modern authentication for a script. Here is the related article I found and the registry key I created which causes this error, you might want to check for this key:
[HKEY_CURRENT_USER\Software\Microsoft\SPO\CMDLETS]
"ForceOAuth" = dword:00000001
https://docs.microsoft.com/en-us/sharepoint/troubleshoot/security/cannot-force-modern-authentication
Jun 21 2021 01:05 PM