
Outlook 2013 with Modern Authentication gives prompt because of dual RP.


We are in the process of migrating some mailboxes to EXO. When on-prem users try to open EXO users' calendars they are prompted for credentials. In order to eliminate these prompts in Outlook 2013 we have enabled Modern Authentication both on the tenant and on the client side (EnableADAL=1 etc.), as well as enabling the endpoint (/adfs/services/trust/13/windowstransport) in ADFS.

However, since users have two "identity providers" (Claims Provider Trusts?) to choose from, Active Directory + one EDU related, they get a white webform with two choices when opening EXO calendars. If they choose AD, SSO handles the rest.

Obviously we don't want this popup. Is there a way to make Outlook go directly the same way we do with smart links, or turn off one of these for that particular endpoint?

Oh, we are also using Alternate Login ID (mail).

Thanks,

Magnus

1 Reply

OK, that particular issue was solved with the following command:

Set-AdfsProperties -IntranetUseLocalClaimsProvider $true

What happens now is that on-premises users are prompted to log on to Office 365 when they open an EXO user's calendar. The form comes prefilled with the UPN as username (not resolvable). If they fill in their email address it discovers that the domain is federated, redirects to ADFS and logs on automatically.

Is there a way to make Outlook prefill the form with the email address, maybe like a client-side registry setting?
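
A read-only check of the settings mentioned in this thread, as an added example that is not part of either post: the first function runs on a client, the second on an AD FS server. The registry path and the `Version` value come from Microsoft's Outlook 2013 modern authentication documentation rather than from the thread, and the function names are made up here.

```powershell
# Added example: reads configuration only, changes nothing.

function Get-OutlookAdalState {
    # Outlook 2013 is Office 15.0. Modern auth needs EnableADAL=1 and Version=1
    # (path and Version are assumptions taken from Microsoft docs, not the thread).
    $key = 'HKCU:\SOFTWARE\Microsoft\Office\15.0\Common\Identity'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        EnableADAL   = $p.EnableADAL
        Version      = $p.Version
        ModernAuthOn = ($p.EnableADAL -eq 1 -and $p.Version -eq 1)
    }
}

function Get-AdfsIntranetHrdState {
    # The ADFS module only exists on AD FS servers; bail out cleanly elsewhere.
    if (-not (Get-Module -ListAvailable -Name ADFS)) {
        Write-Warning 'ADFS module not found; run this function on an AD FS server.'
        return
    }
    Import-Module ADFS

    # Endpoint the original post enabled for Outlook.
    $endpoint = Get-AdfsEndpoint -AddressPath '/adfs/services/trust/13/windowstransport'
    $props    = Get-AdfsProperties
    # Enabled claims provider trusts; the built-in "Active Directory" is one of them.
    $trusts   = @(Get-AdfsClaimsProviderTrust | Where-Object Enabled)

    [pscustomobject]@{
        WindowsTransportEnabled        = $endpoint.Enabled
        IntranetUseLocalClaimsProvider = $props.IntranetUseLocalClaimsProvider
        EnabledClaimsProviders         = ($trusts.Name -join ', ')
        # Heuristic only: more than one enabled provider and no intranet override
        # is the situation in which the two-choice form was reported.
        ProviderChoiceLikely           = ($trusts.Count -gt 1 -and
                                          -not $props.IntranetUseLocalClaimsProvider)
    }
}

Get-OutlookAdalState
Get-AdfsIntranetHrdState
```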
