azure federated managed apple id verification prompt frequently

Contributor

Screenshot 2021-01-28 192040.png

 

i am using azure federated managed apple id to sign in icloud. once every few days, i will get apple id verification prompt to authenticate. is this normal? 

12 Replies
Hi @jrng89, good morning. Federated authentication requires that a user’s User Principal Name (UPN) match their email address. User Principal Name aliases and Alternate IDs are not supported. To use federated authentication with Apple School Manager, your Apple devices must meet the following requirements: iOS 11.3 or later iPadOS 13.1 or later macOS 10.13.4 or later. Check your federation services logs and see where is the problem it should be my first option. Here you have more info about Federation services with Apple ids. https://support.apple.com/en-ie/guide/apple-school-manager/apdb19317543/web I hope this can help. Good luck!

@Pablomcse 

thanks. i have no problem signing in to federated azure work account.

 

it is just that the verification prompt will happen every few days 

Hi @jrng , good evening. 

 

Maybe your Azure AD MFA  "remember multi-factor authentication settings" is Disabled. 

 

You can see this here:

  1. In the Azure AD portal, search for and select Azure Active Directory.
  2. Select Security, then MFA.
  3. Under Configure, select Additional cloud-based MFA settings.
  4. In the Multi-factor authentication service settings page, scroll to remember multi-factor authentication settings.

 

You can find more info here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concepts-azure-multi-factor-a...

 

I hope this can help you. 

 

Good luck!

Hey!! Did you find a fix, i have exactly the same issue while using federated authentication. 

@jrng 

 

Hi!! have you found a fix for this, we are getting the same issue?

thanks. tried. it does not help. the apple id verification prompt will prompt every day now.
Hi

How are the vpp apps licences deployed/configured? user based or device based?
All vpp apps are deployed as device based license

@jrngwe are having a similar problem - most recently this has gotten more frequent. We are an ABM federated domain, we allow users to remember MFA authentication for X days.
Some troubleshooting we are just now trying is to check and confirm the authenticator app is logged in and working for the user and also for intune company portal app having the end user log out and then fully log back in (using their work email/apple federated ID - which are the same). Looking for suggestions to mitigate this end user interuption

Would Azure Conditional access help or hurt in this scenario. @jrng, do you use conditional access settings to manage the ABM cloud app?
nope, i did not use CA to manage ABM cloud app.

@jrng Thanks. Did you eventually get this issue resolved? I'm trying to discover the cause of some relatively frequent Managed Apple ID login prompts for a federated ABM setup.