Home

Connect-SPOService : Could not authenticate to SharePoint Online

%3CLINGO-SUB%20id%3D%22lingo-sub-98270%22%20slang%3D%22en-US%22%3EConnect-SPOService%20%3A%20Could%20not%20authenticate%20to%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-98270%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3EI%20am%20unable%20to%20connect%20to%20SPO%20from%20SharePoint%20online%20management%20shell%20(6802.1200)%20using%20my%20federated%20account%20(no%20MFA%20set).%20I%20am%26nbsp%3Bexecuting%20command%3A%3C%2FP%3E%3CP%3EConnect-SPOService%20-Url%20%3CA%20href%3D%22https%3A%2F%2FTENANTNAME-admin.sharepoint.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2FTENANTNAME-admin.sharepoint.com%3C%2FA%3E%3C%2FP%3E%3CP%3EMy%20response%20is%3A%3C%2FP%3E%3CP%3EConnect-SPOService%20%3A%20Could%20not%20authenticate%20to%20SharePoint%20Online%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2FTENANTNAME-admin.sharepoint.com%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2FTENANTNAME-admin.sharepoint.com%2F%3C%2FA%3E%20using%20OAuth%202.0%3CBR%20%2F%3EAt%20line%3A1%20char%3A1%3CBR%20%2F%3E%2B%20Connect-SPOService%20-Url%20%3CA%20href%3D%22https%3A%2F%2FTENANTNAME-admin.sharepoint.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2FTENANTNAME-admin.sharepoint.com%3C%2FA%3E%3CBR%20%2F%3E%2B%20~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%2B%20CategoryInfo%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20NotSpecified%3A%20(%3A)%20%5BConnect-SPOService%5D%2C%20Authenti%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%20cationException%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%2B%20FullyQualifiedErrorId%20%3A%20Microsoft.Online.SharePoint.PowerShell.Authentic%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%20ationException%2CMicrosoft.Online.SharePoint.PowerShell.ConnectSPOService%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20able%20to%20connect%20using%20cloud%20only%20account%20using%20with%20using%20something%20like%20this%3A%3C%2FP%3E%3CP%3EConnect-SPOService%20-Url%20https%3A%2F%2F%24orgName-admin.sharepoint.com%20-Credential%20%24userCredential%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20please%20help%20me%20to%20use%20federated%20account%20to%20connect%20to%20SPO%3F%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-98270%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAuthentication%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-280967%22%20slang%3D%22en-US%22%3ERe%3A%20Connect-SPOService%20%3A%20Could%20not%20authenticate%20to%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-280967%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3BI%20had%20this%20issue%20and%20realised%20i%20was%20using%20http%20rather%20than%20https%20for%20my%20sharepoint%20url.%3C%2FP%3E%3CP%3Etry%20changing%20that.%3C%2FP%3E%3CP%3EAlso%20connect%20using%3C%2FP%3E%3CP%3Econnect-sposervice%20-url%20https%3A%2F%2F%3CTENANTADMINURL%3E.sharepoint.com%3C%2FTENANTADMINURL%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-223571%22%20slang%3D%22en-US%22%3ERe%3A%20Connect-SPOService%20%3A%20Could%20not%20authenticate%20to%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-223571%22%20slang%3D%22en-US%22%3E%3CP%3ESame%20issue.%20We%20also%20have%20MFA.%3C%2FP%3E%3CP%3Econnect-sposervice%26nbsp%3B%20%3D%26gt%3B%3C%2FP%3E%3CP%3Econnect-sposervice%20%3A%20Could%20not%20authenticate%20to%20SharePoint%20Online%26nbsp%3B%20using%20OAuth%202.0%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-201820%22%20slang%3D%22en-US%22%3ERe%3A%20Connect-SPOService%20%3A%20Could%20not%20authenticate%20to%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-201820%22%20slang%3D%22en-US%22%3E%3CP%3EI%20faced%20the%20similar%20problem.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20do%20have%20MFA%20enabled%20and%20for%20me%20I%20got%20the%20popup%20for%20credentials%20but%20did%20not%20asked%20me%20for%20MFA%20code.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ebelow%20is%20what%20I%20got.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3EConnect-SPOService%20%3A%20Could%20not%20authenticate%20to%20SharePoint%20Online%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3Ehttps%3A%2F%2Fsite%2F%20using%20OAuth%202.0%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3EAt%20line%3A1%20char%3A1%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%2B%20Connect-SPOService%20https%3A%2F%2Fsite%2F%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%2B%20~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%2B%20CategoryInfo%20%3A%20NotSpecified%3A%20(%3A)%20%5BConnect-SPOService%5D%2C%20Authenti%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3EcationException%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%2B%20FullyQualifiedErrorId%20%3A%20Microsoft.Online.SharePoint.PowerShell.Authentic%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3EationException%2CMicrosoft.Online.SharePoint.PowerShell.ConnectSPOService%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-100318%22%20slang%3D%22en-US%22%3ERe%3A%20Connect-SPOService%20%3A%20Could%20not%20authenticate%20to%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-100318%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20i%20install%20the%20module%20to%20fresh%20machine%2C%20i%20am%20getting%20the%20login%20window%20and%20i%20am%20able%20to%20authenticate%20and%20connect%20to%20SPO%2C%20if%20i%20logoff%20from%20that%20machine%20and%20login%20using%20different%20user%2C%20i%20am%20not%20getting%20the%20login%20window%20and%20cannot%20connect%20to%20SPO%2C%20this%20behavior%20is%20consitent%20in%20my%20envrionment%20on%20all%20machines%20i%20tested%2C%20i%20tested%20with%20azure%20ad%20module%20for%20win%20powershell%20and%20cannot%20reproduce%20that%20behavior%2C%20i%20do%20not%20have%20more%20time%20to%20troubleshoot%20this%2C%20so%20i%20am%20happy%20it%20can%20work%20for%20me%20(if%20i%20install%20and%20use%20the%20sp%20mgmt%20shell%20using%20the%20same%20user%20account)%2C%20but%20looks%20like%20some%20bug%20in%20the%20sp%20mgmt%20module%2C%20if%20anyone%20else%20is%20experiencing%20this%20or%20has%20a%20solution%20please%20let%20me%20know%2C%20thanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-100235%22%20slang%3D%22en-US%22%3ERe%3A%20Connect-SPOService%20%3A%20Could%20not%20authenticate%20to%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-100235%22%20slang%3D%22en-US%22%3E%3CP%3EI'd%20say%20reinstall%20the%20module.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-100233%22%20slang%3D%22en-US%22%3ERe%3A%20Connect-SPOService%20%3A%20Could%20not%20authenticate%20to%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-100233%22%20slang%3D%22en-US%22%3E%3CP%3EI%20do%20not%20get%20the%20ADAL%20dialog%20at%20all%20when%20using%20connect-sposervice%20from%20powershell%2C%20but%20i%20do%20get%20the%20ADAL%20window%20when%20running%20Connect-MsolService%20from%20the%20same%20powershell%20window%20on%20the%20same%20machine%20and%20i%20am%20able%20to%20connect%20to%20azure%20ad.%3C%2FP%3E%3CP%3EThe%20error%20message%20i%20am%20getting%20instead%20of%20expected%20login%20dialog%20window%20is%3A%3C%2FP%3E%3CP%3EPS%20C%3A%5CWINDOWS%5Csystem32%26gt%3B%20Connect-SPOService%20-Url%20%3CA%20href%3D%22https%3A%2F%2Ftenantname-admin.sharepoint%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftenantname-admin.sharepoint%3C%2FA%3E%3CBR%20%2F%3E.com%3CBR%20%2F%3EConnect-SPOService%20%3A%20Unable%20to%20cast%20object%20of%20type%3CBR%20%2F%3E'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.InteractiveWebUI'%20to%3CBR%20%2F%3Etype%20'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.IWebUI'.%3CBR%20%2F%3EAt%20line%3A1%20char%3A1%3CBR%20%2F%3E%2B%20Connect-SPOService%20-Url%20%3CA%20href%3D%22https%3A%2F%2Ftenantname-admin.sharepoint.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftenantname-admin.sharepoint.com%3C%2FA%3E%3CBR%20%2F%3E%2B%20~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%2B%20CategoryInfo%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20NotSpecified%3A%20(%3A)%20%5BConnect-SPOService%5D%2C%20InvalidC%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%20astException%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%2B%20FullyQualifiedErrorId%20%3A%20System.InvalidCastException%2CMicrosoft.Online.Sha%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%20rePoint.PowerShell.ConnectSPOService%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20i%20include%20-Credential%20parameter%2C%20it%20is%20not%20succeeding%20with%20federated%20account%2C%20only%20with%20cloud%20only%20account%20i%20am%20able%20to%20login%20to%20SPO.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-98451%22%20slang%3D%22en-US%22%3ERe%3A%20Connect-SPOService%20%3A%20Could%20not%20authenticate%20to%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-98451%22%20slang%3D%22en-US%22%3E%3CP%3EPassing%20the%20-Credentials%20parameter%20bypasses%20ADAL%20(i.e.%20switches%20to%20legacy%20auth)%2C%20so%20you%20seem%20to%20have%20some%20issue%20with%20ADAL%2FModern%20authentication.%20Do%20you%20get%20the%20ADAL%20dialog%20when%20you%20run%20the%20first%20cmdlet%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-98338%22%20slang%3D%22en-US%22%3ERe%3A%20Connect-SPOService%20%3A%20Could%20not%20authenticate%20to%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-98338%22%20slang%3D%22en-US%22%3E%3CP%3Eyou%20really%20need%20to%20get%20prompted%20for%20authentication%20as%20MFA%20is%20enabled.%3C%2FP%3E%3CP%3EDon't%20know%20what%20you%20are%20trying%20but%20i%20would%20look%20into%20the%20PNP%20powershell%20commands%20which%20have%20the%20complete%20settings.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Ladislav Zvada
New Contributor

Hi

I am unable to connect to SPO from SharePoint online management shell (6802.1200) using my federated account (no MFA set). I am executing command:

Connect-SPOService -Url https://TENANTNAME-admin.sharepoint.com

My response is:

Connect-SPOService : Could not authenticate to SharePoint Online
https://TENANTNAME-admin.sharepoint.com/ using OAuth 2.0
At line:1 char:1
+ Connect-SPOService -Url https://TENANTNAME-admin.sharepoint.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Connect-SPOService], Authenti
   cationException
    + FullyQualifiedErrorId : Microsoft.Online.SharePoint.PowerShell.Authentic
   ationException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService

 

I am able to connect using cloud only account using with using something like this:

Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential

 

Can you please help me to use federated account to connect to SPO?

Thanks

8 Replies

you really need to get prompted for authentication as MFA is enabled.

Don't know what you are trying but i would look into the PNP powershell commands which have the complete settings.

Passing the -Credentials parameter bypasses ADAL (i.e. switches to legacy auth), so you seem to have some issue with ADAL/Modern authentication. Do you get the ADAL dialog when you run the first cmdlet?

I do not get the ADAL dialog at all when using connect-sposervice from powershell, but i do get the ADAL window when running Connect-MsolService from the same powershell window on the same machine and i am able to connect to azure ad.

The error message i am getting instead of expected login dialog window is:

PS C:\WINDOWS\system32> Connect-SPOService -Url https://tenantname-admin.sharepoint
.com
Connect-SPOService : Unable to cast object of type
'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.InteractiveWebUI' to
type 'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.IWebUI'.
At line:1 char:1
+ Connect-SPOService -Url https://tenantname-admin.sharepoint.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Connect-SPOService], InvalidC
   astException
    + FullyQualifiedErrorId : System.InvalidCastException,Microsoft.Online.Sha
   rePoint.PowerShell.ConnectSPOService

 

If i include -Credential parameter, it is not succeeding with federated account, only with cloud only account i am able to login to SPO.

I'd say reinstall the module.

If i install the module to fresh machine, i am getting the login window and i am able to authenticate and connect to SPO, if i logoff from that machine and login using different user, i am not getting the login window and cannot connect to SPO, this behavior is consitent in my envrionment on all machines i tested, i tested with azure ad module for win powershell and cannot reproduce that behavior, i do not have more time to troubleshoot this, so i am happy it can work for me (if i install and use the sp mgmt shell using the same user account), but looks like some bug in the sp mgmt module, if anyone else is experiencing this or has a solution please let me know, thanks

I faced the similar problem. 

 

We do have MFA enabled and for me I got the popup for credentials but did not asked me for MFA code.

 

below is what I got.

 

Connect-SPOService : Could not authenticate to SharePoint Online
https://site/ using OAuth 2.0
At line:1 char:1
+ Connect-SPOService https://site/
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], Authenti
cationException
+ FullyQualifiedErrorId : Microsoft.Online.SharePoint.PowerShell.Authentic
ationException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService

Same issue. We also have MFA.

connect-sposervice  =>

connect-sposervice : Could not authenticate to SharePoint Online  using OAuth 2.0

 I had this issue and realised i was using http rather than https for my sharepoint url.

try changing that.

Also connect using

connect-sposervice -url https://<TenantAdminUrl>.sharepoint.com

Related Conversations
Sharing an excel sheet public link
shunde3 in Microsoft Teams on
6 Replies
Reporting on Project Online (PWA) Timesheets
Andy Dennis in Project on
3 Replies
Adding a user or sending download link
Scott Mackay in Office 365 on
8 Replies
Cutomizing SharePoint Online Modern Page
Vikas Dhingra in SharePoint on
4 Replies