Stream "sign in" or "sign up" page blocking video views

Copper Contributor

We are trying to create links to stream videos that we can post in e-mail or on our legacy / on-premises sharepoint portal that a user can "1 click" to access a video.  Before I dive into this, let me cover the basics:

 

  • All users have a license that includes stream and the service is enabled.
  • The videos all have permissions set to allow the whole company to view
  • We are using an on-premises ADFS for authentication
  • Of course we understand if the user is not on our corporate network and on a domain joined machine they will see a login prompt from our ADFS (that is okay!)

When our end users click on the link they are presented with an "interceptor" page that says "It looks like someone shared something with you in Microsoft Stream".  And presents them the option to "Sign up" or "Sign In" (image included below).  I am looking for a way to not have our 1000+ users be presented with this page.

 

I have found references to the following Querystring parameters on this forum:

  • Domain_hint= - where we can provide our tenant name to bypass entering the Work or School account name.  We have used this with other Azure AD apps in the past with great success.
  • NoSignUpCheck=1 -  which is supposed to bypass the signup page.

We have not been able to get these to work in order to bypass the screen and have tried them in different combinations (change the order, changed the value in nosignup, etc).  I am more than happy to provide more details as needed.  At this point it is blocking our use of stream and we don't want to use the older O365 video platform.

 

Thanks in advance for your attention and help in this matter. 

 

Capture (002).png

 

17 Replies

Short answer:

If you add the query string parameter NoSignUpCheck=1 to the end of any Stream URL (including videos) it should skip the "marketing / interceptor" page you have a screen shot of above and go directly to the login.microsoftonline.com login page. You then enter your email address and it will redirect to your ADFS login page. (At least this worked when I just tried it out now).

 

Example:

https://web.microsoftstream.com/video/c3f9d897-5ac0-44dd-b184-363ed3062310?list=trending&NoSignUpCheck=1

For embed codes, if you add the query string parameter domain_hint=<ADFS domain> to end of a src URL on an embed code, we'll skip going to login.microsoftonline.com and go to the ADFS login page for the domain specified directly.

 

Example:

<iframe width="640" height="360" src="https://web.microsoftstream.com/embed/video/c3f9d897-5ac0-44dd-b184-363ed3062310?autoplay=false&showinfo=true&domain_hint=contoso.com" frameborder="0" allowfullscreen ></iframe>

 

Regardless of above we are also working to improve the design of that marketing / interceptor page to make it more clear for people that already have a login. (See long answer below)

 

I think ideally what you are looking for is a feature on our backlog for the future to look at implementing something with ADFS login acceleration, where we can skip the marketing page and login.microsoftonline.com page, and go directly to your ADFS organization specific login page. This is on the backlog but we haven't determined when we'll be able to get to that project.

 

 

Long answer:

Stream is both a service you get as part of O365 and also a service you can buy standalone. For standalone we do offer free trial sign ups of the service. 

 

When a user isn't logged in already we send them our sign in / sign up "marketing (aka interceptor - great name you gave it) page. This offers the user to either sign in with their existing account or do a free trial if they aren't licensed yet (ad-hoc / viral sign up).

 

I agree with you, the page we have today isn't great for users that already do have a login. To help alleviate some of this problem we are in the process of redesigning this "marketing / interceptor" page. The new design will be something like this. When this is done do you think this will help at all?

 

Or do you still feel this would be an issue for your users?

 

Sign in Sign Up - Interceptor Page New Design.png

 

 

 

 

 

 

 

Marc-

 

Apologizes for the SLOW response, I hate it when people don't follow-up.

 

I think you nailed it - we are looking for a combination of domain_hint and NoSignUpCheck in the same embedded url.  We are trying to "ease" the process for our users between on-premises content and cloud-hosted content.  We have found that any "friction", including login prompts, leads to calls to our help desk and general dissatisfaction with the "new" service. Office 365 smart links and using domain_hint in our Azure hosted applications have greatly reduced the calls and increased satisfaction.

 

I think the screen shot that you showed is an improvement over the current one, which looks rather like an error page, but I think it is just a "better" bad page.  And I don't want to sound too harsh!  I totally get that you guys in stream have a tough problem to crack with the various ways people access the service and I don't want to pass judgement from afar.  I am also happy to help and provide feedback where needed!

I agree with everything Larry said in his response. We are just beginning to look at using Stream in our org, and this looks like it could be the thing that prevents us from using it.

+1 to ADFS login acceleration (I think this should be the default when pulling embed code for a protected video in an ADFS enabled org).

+1 on the "better" bad page.

Hey Marc,

Glad I found this tip, but in your example for the link, it's supposed to be a ?, not &. For example, ?NoSignUpCheck=1. This is the only way I could get it to work.

 

I'm still hoping to see this marketing page go away altogether for organizations.

When I use the NoSignInCheck=1, it seems to work ok with Chrome, IE, and Edge, but I still get this in the Yammer app.  Any thoughts on that?

sign in or sign up in Yammer postsign in or sign up in Yammer post

I have a similar problem getting a Stream video to play that's added to a SharePoint page using the Stream webpart. Works fine on desktop but when you access the page in the iOS SharePoint app, you get the login prompt, even though you're logged into the SP app. You click on then 'sign in' prompt and nothing happens. Even with the ?NoSignUpCheck=1 extension. Any ideas?

 Is it possible to pre-login all users to Stream, for example through PowerShell?

 

This link can be used to point directly to a specific video based on the ID (which you can retrieve going into stream app and copy it from the address bar of your browser)

 

Example:

https://web.microsoftstream.com/video/b9196505-8579-4695-b251-8991f26eba6c?noSignUpCheck=1&ru=https%...

 

User Experience:

 

From a user inside the CORP, user will get SSO and stream will open directly in the browser without any user “friction”.

 

From an user outside the CORP User redirected to login.microsoftonline.com (as we specified nosignupcheck=1 which skips the “marketing” page)

 

 domain_hint or login_hint does not work to avoid the login.microsoftonline.com UX experience but at the end, the UPN is copied over into the WAP login page so, not so bad.

 

Browser is then redirected to your WAP:

 

And the video starts immediately after.

 

 

Michele

Hi Michele,

 

It's nice that there's a workaround for this, but I'm wondering when we can expect a more permanent solution. We can't expect our content owners to manually modify every link for their videos since some of them have 100's of videos. Is there any chance you can add the noSignUpCheck=1 as a default setting in the link that is created when a user clicks on the Share button for a video?

I agree. We will simply further use YouTube with private links for our content. Sad when it feels like a small fix to get this in order.

Also, you have to fix video views in Yammer. Linking video från Stream now says "Working on it" and does not always embed the video player. It does not either work in iPhone or Android apps (Teams/Yammer).

Michele-

 

Thank you for replying!  It feels like the product group has decided to ignore this issue...

 

There is still "friction" in the sign in process using the url that you provided.  The user is still prompted for what ID to use (either via form or select list if they have logged on previous).  It does single signon in AFTER they provide the email address (see screen shot).  Normally with DOMAIN_HINT it takes you right in.  I included a screen shot to help clarify.

 

In our case we are looking to bypass signon prompts (with domain_hint) and the signup check (with nosignupcheck).

 

Like many of the other people on this thread, our departments are continuing to use private YouTube links.  Which leads to the question: "Why not use more Google properties?"

 

I hope this helps clarify the issue.

I believe we have a project going to remove the intermediate marketing page and instead go directly to the login.microsoftonline.com login screen. @ChrisKnowlton on our team would know more info on that project.

 

In terms of ADFS or home realm detection we'd need to do a bit more work there to skip the login.microsoftonline.com login page and go to your specific internal login page. Can you add your votes and comments to this entry in our ideas forum: https://techcommunity.microsoft.com/t5/Microsoft-Stream-Ideas/Support-Windows-Home-Realm-in-Stream-W...

We are also working with the Yammer team on making the Stream url unfurling better as well.  @Saili Raje is the PM on our team working on that project.

We are tyring to use the embed code for MSStream videos in a sharepoint (online) page, which as other users have said works fine in most browsers on the desktop except for Safari (which has cross domain protection enabled by default - turning this off allows it to work).
 
However we are trying to load the sharepoint page with an embedded MSStream video in a webview control using Xamarin forms however get the following error:
 
11-14 11:55:07.426 W/zygote  (18172): Attempt to remove non-JNI local reference, dumping thread[INFO:CONSOLE(0)] "Refused to display 'https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=<blah blah blah>' in a frame because it set 'X-Frame-Options' to 'deny'.", source: https://<oursharepoint host>/Pages/Videos.aspx (0)
 
Same page works in Chrome, IE, Firefox on the desktop, ie user is signed in to SharePoint (online) and MSStream embedded video loads.
 
Safari does not work, and gives the following error in the console (similar to the Android emulator):

[Error] Refused to display 'https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=<blah blah blah>' in a frame because it set 'X-Frame-Options' to 'DENY'.
 
Chrome on the mobile device loads the page ok.
 
Can the X-Frame-Options for login.microsoftonline.com be opened up a little to allow working in an IFrame or at least from other Office 365 services (ie SharePoint)? And sooner the better!!! Otherwise we'll be looking for other video solution options...

@Peter Strong - It is common practice that login pages can't happen inside of an iFrame to prevent click jacking and other security issues, thus we do not have any plans to change this. We've had to work around this limitation a ton in our implementation of the Stream embed code. 

 

However for SharePoint Online the Stream webpart has special logic in it to help ensure that when you are already logged into SPO our video/channel embed can get all that login info automatically so you won't be presented with a sign in button. We've done a bunch of work to may the Stream webpart work on desktop/cross browser/SP Mobile app. 

 

Is there a reason you can't use our Stream Webpart itself as that has the most robust logic for ensuring login happens across the 2 services. 

 

Are there things you wish we could improve about the existing Stream webpart to better fit your use case?

 

https://docs.microsoft.com/en-us/stream/embed-video-sharepoint#add-a-microsoft-stream-web-part-into-...

Thanks for the info Marc.

 The stream web part appears as though it is only available for Modern pages? It might be an option for us if this web part can be made available for classic sites? We're on a traditional publishing site at present...

It is a modern page webpart. I don't know if there is a way to get modern webparts into classic pages. Does anyone else know if that's possible?