Connect-SPOService : Could not authenticate to SharePoint Online


Hi

I am unable to connect to SPO from the SharePoint Online Management Shell (6802.1200) using my federated account (no MFA set). I am executing the command:

Connect-SPOService -Url https://TENANTNAME-admin.sharepoint.com

My response is:

Connect-SPOService : Could not authenticate to SharePoint Online
https://TENANTNAME-admin.sharepoint.com/ using OAuth 2.0
At line:1 char:1
+ Connect-SPOService -Url https://TENANTNAME-admin.sharepoint.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Connect-SPOService], Authenti
   cationException
    + FullyQualifiedErrorId : Microsoft.Online.SharePoint.PowerShell.Authentic
   ationException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService

 

I am able to connect using a cloud-only account with something like this:

Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential

 

Can you please help me use a federated account to connect to SPO?

Thanks

10 Replies

You really need to get prompted for authentication as MFA is enabled.

Don't know what you are trying, but I would look into the PnP PowerShell commands, which have the complete settings.

Passing the -Credentials parameter bypasses ADAL (i.e. switches to legacy auth), so you seem to have some issue with ADAL/Modern authentication. Do you get the ADAL dialog when you run the first cmdlet?

I do not get the ADAL dialog at all when using Connect-SPOService from PowerShell, but I do get the ADAL window when running Connect-MsolService from the same PowerShell window on the same machine, and I am able to connect to Azure AD.

The error message I am getting instead of the expected login dialog window is:

PS C:\WINDOWS\system32> Connect-SPOService -Url https://tenantname-admin.sharepoint
.com
Connect-SPOService : Unable to cast object of type
'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.InteractiveWebUI' to
type 'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.IWebUI'.
At line:1 char:1
+ Connect-SPOService -Url https://tenantname-admin.sharepoint.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Connect-SPOService], InvalidC
   astException
    + FullyQualifiedErrorId : System.InvalidCastException,Microsoft.Online.Sha
   rePoint.PowerShell.ConnectSPOService

 

If I include the -Credential parameter, it does not succeed with the federated account; only with a cloud-only account am I able to log in to SPO.

I'd say reinstall the module.

If I install the module on a fresh machine, I get the login window and I am able to authenticate and connect to SPO. If I log off from that machine and log in as a different user, I do not get the login window and cannot connect to SPO. This behavior is consistent in my environment on all machines I tested. I tested with the Azure AD module for Windows PowerShell and cannot reproduce that behavior. I do not have more time to troubleshoot this, so I am happy it can work for me (if I install and use the SP mgmt shell using the same user account), but it looks like some bug in the SP mgmt module. If anyone else is experiencing this or has a solution, please let me know. Thanks.

I faced a similar problem.

We do have MFA enabled, and I got the popup for credentials, but it did not ask me for the MFA code.

Below is what I got.

 

Connect-SPOService : Could not authenticate to SharePoint Online
https://site/ using OAuth 2.0
At line:1 char:1
+ Connect-SPOService https://site/
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], Authenti
cationException
+ FullyQualifiedErrorId : Microsoft.Online.SharePoint.PowerShell.Authentic
ationException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService

Same issue. We also have MFA.

connect-sposervice  =>

connect-sposervice : Could not authenticate to SharePoint Online  using OAuth 2.0

I had this issue and realised I was using http rather than https for my SharePoint URL.

Try changing that.

Also connect using

connect-sposervice -url https://<TenantAdminUrl>.sharepoint.com

@Ladislav Zvada 

I'm having the opposite issue, but I was getting this error after a recent registry edit I made while trying to bypass modern authentication for a script. Here is the related article I found and the registry key I created which causes this error, you might want to check for this key:

[HKEY_CURRENT_USER\Software\Microsoft\SPO\CMDLETS]

"ForceOAuth" = dword:00000001

https://docs.microsoft.com/en-us/sharepoint/troubleshoot/security/cannot-force-modern-authentication

This worked for me! (after a restart)
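
A read-only pre-flight check for the causes raised in the replies above (an http URL, the ForceOAuth registry value, a missing module), as an added example that is not part of any poster's reply or Microsoft's own code. The function name Test-SpoConnectPreflight and the sample URL are assumptions; the function only reports state and changes nothing.

```powershell
# Added example: read-only checks to run before Connect-SPOService.
function Test-SpoConnectPreflight {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Url)

    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. The admin URL must be an absolute https URL (one reply traced the error to http).
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        $findings.Add("'$Url' is not an absolute URL.")
    } elseif ($uri.Scheme -ne 'https') {
        $findings.Add("URL scheme is '$($uri.Scheme)'; use https.")
    }

    # 2. ForceOAuth value named in the thread. HKCU is per user, so every
    #    account on the same machine has its own copy of this setting.
    $key  = 'HKCU:\Software\Microsoft\SPO\CMDLETS'
    $prop = Get-ItemProperty -Path $key -Name 'ForceOAuth' -ErrorAction SilentlyContinue
    $forceOAuth = if ($null -ne $prop) { $prop.ForceOAuth } else { $null }
    if ($null -ne $forceOAuth) {
        $findings.Add("ForceOAuth = $forceOAuth is set under $key for $env:USERNAME.")
    }

    # 3. Installed copies of the SharePoint Online module visible to this session.
    $modules = @(Get-Module -ListAvailable -Name 'Microsoft.Online.SharePoint.PowerShell')
    if ($modules.Count -eq 0) {
        $findings.Add('Microsoft.Online.SharePoint.PowerShell was not found on the module path.')
    }

    [pscustomobject]@{
        Url            = $Url
        User           = $env:USERNAME
        ForceOAuth     = $forceOAuth
        ModuleVersions = @($modules | ForEach-Object { $_.Version.ToString() })
        Findings       = $findings.ToArray()
    }
}

# Constructed sample input: TENANTNAME is the placeholder used in the thread.
Test-SpoConnectPreflight -Url 'http://TENANTNAME-admin.sharepoint.com' | Format-List
```

Run it once under each affected Windows account and compare the output, since the registry value is stored per user.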