Nov 15 2017 01:23 PM - last edited on Jan 14 2022 05:28 PM by TechCommunityAP
We're excited to announce that the general availability rollout of the new Azure AD sign-in and “Keep me signed in” experiences has started! These experiences should reach all users globally by the end of the week. Users who go to our sign-in page will start to see the new experiences by default, but a link allowing users to go back to the old experiences will be available until early December to give you some extra time to make the transition.
We'd like to take this opportunity to acknowledge the delays we have had with these features and thank you all for your patience. When we released these experiences in preview, we received a lot of great feedback from you and it was pretty clear we needed to take a little extra time to ensure the new experiences worked well with all the scenarios Azure AD sign-in is used for.
Read about it in the Enterprise Mobility & Security blog.
Jan 02 2018 12:24 PM
Jan 02 2018 04:09 PM
Jan 02 2018 11:43 PM
Hi,
at one of my customers I have exactly the same problem as Srikanth Komirishetty. Every time the browser is closed and reopened, the Account Picking window is showing.
Jan 03 2018 10:29 AM
Jan 05 2018 11:21 AM
Hi @Vasil Michev, Thank you for the response. The old sign in page has "keep me signed in" check box that helps the user not be prompted to pick account or see login prompt the next time they re-launch the browser and access SharePoint site. The new UI has no such option any more.
The new ADFS version on Windows 2012 seems to have an option to create custom claim rules to issue PSSO claims that avoids "pick an account" prompt as shared by @Kelvin Xia.
As you recommended, I researched and I was able to create a SMART link which does the same job as the "keep me signed in" check box. The user has to browse this link once; interestingly, it won't even prompt for UPN (password not required as we are SSO), and the process sets the persistent cookie on the machine, so he/she never needs to pick an account going forward.
The question I have now is: our organization would like to enable PSSO, but we are on ADFS 2.0 and Windows 2008 R2. The article on this link describes how to configure ADFS to issue PSSO claims, but I am not sure if this applies to Windows 2008 R2.
Jan 05 2018 11:28 AM
I don't think so, it will most likely not recognize the claim.
Jan 05 2018 02:28 PM
We use SAML SSO with several vendors using ADFS as our iDp. Our ADFS server is under a different domain so we have a Claims Provider Trust set up with our AAD. We have an issue with the new sign-in experience. When a user initially signs in they get presented with the "Stay signed in?" prompt. If they say Yes, a persistent cookie is set and things work like they should. However, if they were to go back to the iDp initiated signon page and log out for whatever reason, when they go to sign in again they won't get the "Stay signed in?" prompt, so it just sets a session cookie that is terminated if they close their browser. If they choose to go back to the old sign-in experience, the "Keep me signed in" checkbox will be there so they once again can set a persistent cookie. Is this a known issue? Is there a fix for this?
Jan 08 2018 11:56 AM
Jan 10 2018 06:04 AM
We utilise WebDAV to map SharePoint Online drives for all of our 365 clients, and the new sign in has a critical flaw. After the initial sign in using IE the option to stay signed in is not presented, meaning that the mapped WebDAV drives do not reconnect. Returning to the old sign in and ticking the "Keep me signed in" still works fine however. If we log in to an InPrivate browser the stay signed in option returns, however this is no good to us as it will not map a drive this way. Resetting IE also returns the stay signed in prompt, however again this disappears after the initial sign in.
Jan 10 2018 06:20 AM
Jan 12 2018 11:19 AM
Jan 23 2018 01:33 PM
I have Office 365 MFA enabled. When the "Keep me signed in" experience rolled out in December I saw it. I clicked on "Keep me signed in" and it did not require authentication when I logged into Office 365 from any browser.
At some point in early January, I believe this changed. Now when I log in I get taken straight to my organization's login page, enter my credentials and I'm in. I have to log into Office 365 from my browser every day. The experience is the same across all my devices. I have not seen the "Keep me signed in" feature since.
Help please?!
Jan 23 2018 01:36 PM
Jan 23 2018 01:52 PM
Hi Kelvin,
This did not work. I get taken to my organization's SSO page, get prompted for the MFA accept prompt and then go straight to Office 365.
Jan 23 2018 01:54 PM
Jan 23 2018 03:06 PM
I mean accept the push notification to my smartphone from MFA.
Jan 25 2018 11:07 AM
Hi Kelvin,
I would really appreciate some insight into this issue, we'd really like to communicate to our users about this change.
Jan 25 2018 12:06 PM
Jan 25 2018 12:31 PM
Can you please send me instructions on how to run the Fiddler trace?
Jan 25 2018 01:15 PM