SOLVED

Why Teams desktop client does not auto-login using ADFS?

%3CLINGO-SUB%20id%3D%22lingo-sub-1513244%22%20slang%3D%22en-US%22%3EWhy%20Teams%20desktop%20client%20does%20not%20auto-login%20using%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1513244%22%20slang%3D%22en-US%22%3E%3CP%3EOn%20a%20domain%20bound%20machine%2C%20while%20opening%20MS%20Teams%20it%20does%20not%20auto-login%20user%20and%20shows%20following%20prompt%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22kpsingh_0-1594335312529.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F204503i247F275AD85A1E75%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22kpsingh_0-1594335312529.png%22%20alt%3D%22kpsingh_0-1594335312529.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3ETried%20to%20SSO%20to%20MS%20Excel%20and%20it%20worked%20on%20same%20machine%20and%20did%20not%20prompt%20for%20credentials%3C%2FLI%3E%3CLI%3EWindows%2010%20has%20been%20updated%20to%20latest%20version%202004%3C%2FLI%3E%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1513244%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Elogin%20screen%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1514318%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Teams%20desktop%20client%20does%20not%20auto-login%20using%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1514318%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F251639%22%20target%3D%22_blank%22%3E%40kpsingh%3C%2FA%3E%26nbsp%3BHello%2C%20without%20knowing%20much%20of%20your%20config%2C%20see%20if%20this%20can%20assist%20in%20any%20way.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E'Sign%20in%20to%20Microsoft%20Teams%20using%20modern%20authentication'%3C%2FP%3E%3CP%3E-ERR%3AREF-NOT-FOUND-%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fsign-in-teams%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fsign-in-teams%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1515631%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Teams%20desktop%20client%20does%20not%20auto-login%20using%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1515631%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F551905%22%20target%3D%22_blank%22%3E%40bec064%3C%2FA%3E%26nbsp%3BI%20followed%20this%20article%20as%20well.%20As%20they%20suggested%2C%20I%20have%20updated%20windows%20to%20latest%20version.%20Other%20than%20Teams%2C%20I'm%20able%20to%20auto-login%20to%20other%20MS%20Office%20apps%20such%20as%20Excel%20or%20Work%20etc.%3C%2FP%3E%3CP%3EHowever%2C%20Teams%20gives%20me%20windows%20auth%20prompt%20while%20it%20should%20auto-login%20as%20well.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1515652%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Teams%20desktop%20client%20does%20not%20auto-login%20using%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1515652%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F251639%22%20target%3D%22_blank%22%3E%40kpsingh%3C%2FA%3E%26nbsp%3BHey%2C%20I'm%20just%20about%20to%20turn%20off%20my%20laptop.%20But%20this%20is%20a%20%22basic%20authentication%22%20prompt%20as%20far%20as%20I%20can%20tell%20and%20Teams%20uses%20modern%20authentication%20by%20default%20as%20well.%20Is%20this%20happening%20for%20all%20users%3F%20Please%20provide%20some%20additional%20tech%20details%20about%20the%20scenario%20and%20I%20will%20try%20to%20assist.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1519291%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Teams%20desktop%20client%20does%20not%20auto-login%20using%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1519291%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F551905%22%20target%3D%22_blank%22%3E%40bec064%3C%2FA%3E%26nbsp%3BPlease%20see%20below%20for%20our%20configuration%3A%3C%2FP%3E%3CUL%3E%3CLI%3EWe%20are%20using%20AD%20FS%20on%20prem%20and%20integrated%20it%20with%20O365%20for%20SSO%3C%2FLI%3E%3CLI%3EClient%20machines%20are%20domain%20bound%20which%20means%20they%20login%20to%20computer%20using%20their%20AD%20credentials%3C%2FLI%3E%3CLI%3EEvery%20Teams%20URL%20is%20added%20in%20trusted%20sites%20in%20IE%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Ftroubleshoot%2Fteams-sign-in%2Fsign-in-loop%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Ftroubleshoot%2Fteams-sign-in%2Fsign-in-loop%3C%2FA%3E)%3C%2FLI%3E%3CLI%3EIn%20IE%2C%20%3CSTRONG%3EUser%20Authentication%3C%2FSTRONG%3E%20%3CSTRONG%3E%26gt%3B%20Logon%3C%2FSTRONG%3E%20is%20set%20to%20%22%3CSTRONG%3EAutomatic%20logon%20with%20current%20user%20name%20and%20password%3C%2FSTRONG%3E%22%3C%2FLI%3E%3C%2FUL%3E%3CP%3EUsing%20above%20configuration%2C%20when%20basic%20authentication%20prompt%20shows%20up%2C%20it%20should%20automatically%20login%20to%20teams%20rather%20than%20user%20to%20enter%20credentials%20again.%3C%2FP%3E%3CP%3EThis%20however%20works%20with%20other%20MS%20Office%20apps%20such%20as%20Excel.%3C%2FP%3E%3CP%3EI%20hope%20this%20helps%20more%20in%20understanding%20our%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1521558%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Teams%20desktop%20client%20does%20not%20auto-login%20using%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1521558%22%20slang%3D%22en-US%22%3EHey!%20Sorry%20for%20the%20late%20reply%20(on%20vacation).%20How%20does%20the%20Outlook%20desktop%20clients%20behave%20when%20it%20comes%20to%20SSO%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1527896%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Teams%20desktop%20client%20does%20not%20auto-login%20using%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1527896%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F551905%22%20target%3D%22_blank%22%3E%40bec064%3C%2FA%3E%26nbsp%3BHi%2C%20I%20tried%20with%20Outlook%20and%20it%20also%20seamless%20SSO.%20User%20don't%20have%20to%20enter%20password%20with%20Outlook%20as%20well.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1528390%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Teams%20desktop%20client%20does%20not%20auto-login%20using%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1528390%22%20slang%3D%22en-US%22%3EHello%2C%20this%20seems%20odd.%20Does%20the%20prompt%20for%20Teams%20pop%20up%20every%20time%20you%20start%20Teams%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%E2%80%9DOnce%20you%20complete%20the%20sign%20in%20process%20using%20modern%20authentication%2C%20you%20won%E2%80%99t%20be%20required%20to%20provide%20your%20credentials%20again%20-%20from%20that%20point%20on%2C%20Microsoft%20Teams%20will%20automatically%20sign%20in%20to%20your%20account%20once%20you%20launch%20the%20app%20from%20the%20same%20machine.%E2%80%9D%3CBR%20%2F%3E%3CBR%20%2F%3EI%20am%20afraid%20I%20can%E2%80%99t%20assist%20properly%20as%20I%E2%80%99m%20on%20vacation.%20Perhaps%20you%E2%80%99d%20better%20off%20opening%20a%20ticket%20with%20the%20official%20MS%20support.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1528459%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Teams%20desktop%20client%20does%20not%20auto-login%20using%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1528459%22%20slang%3D%22en-US%22%3EBtw%2C%20maybe%20worth%20looking%20at%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Ftroubleshoot%2Fsign-in%2Fsign-in-issue-with-modern-auth%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Ftroubleshoot%2Fsign-in%2Fsign-in-issue-with-modern-auth%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1962304%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Teams%20desktop%20client%20does%20not%20auto-login%20using%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1962304%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F251639%22%20target%3D%22_blank%22%3E%40kpsingh%3C%2FA%3E%26nbsp%3BHello%2C%3C%2FP%3E%3CP%3Ein%20my%20case%20this%20was%20helpful.%20Y%3CSPAN%3Eou%20have%20to%20set%20ADFS%20properties%20to%20support%20Edge%20Chromium.%20However%20I%20don't%20have%20SSO%20running%20so%20I%20have%20to%20type%20login%20credentials.%3C%2FSPAN%3E%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-applescript%22%3E%3CCODE%3ESet-AdfsProperties%20-WIASupportedUserAgents%20%40(%22MSIE%206.0%22%2C%20%22MSIE%207.0%3B%20Windows%20NT%22%2C%20%22MSIE%208.0%22%2C%20%22MSIE%209.0%22%2C%20%22MSIE%2010.0%3B%20Windows%20NT%206%22%2C%20%22Windows%20NT%206.3%3B%20Trident%2F7.0%22%2C%20%22Windows%20NT%206.3%3B%20Win64%3B%20x64%3B%20Trident%2F7.0%22%2C%20%22Windows%20NT%206.3%3B%20WOW64%3B%20Trident%2F7.0%22%2C%20%22Windows%20NT%206.2%3B%20Trident%2F7.0%22%2C%20%22Windows%20NT%206.2%3B%20Win64%3B%20x64%3B%20Trident%2F7.0%22%2C%20%22Windows%20NT%206.2%3B%20WOW64%3B%20Trident%2F7.0%22%2C%20%22Windows%20NT%206.1%3B%20Trident%2F7.0%22%2C%20%22Windows%20NT%206.1%3B%20Win64%3B%20x64%3B%20Trident%2F7.0%22%2C%20%22Windows%20NT%206.1%3B%20WOW64%3B%20Trident%2F7.0%22%2C%20%22MSIPC%22%2C%20%22Windows%20Rights%20Management%20Client%22%2C%20%22Edg%2F*%22)%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3BIts%20not%20from%20my%20head%20so%20here's%20source%26nbsp%3B%3CA%20title%3D%22Microsoft%20Edge%20SSO%20with%20AD%20FS%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fanswers%2Fquestions%2F37826%2Fmicrosoft-edge-sso-with-ad-fs.html%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fanswers%2Fquestions%2F37826%2Fmicrosoft-edge-sso-with-ad-fs.html%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20helps%20I%20was%20stuck%20hours%20in%20checking%20SSO%20and%20AD%20FS.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1962622%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20Teams%20desktop%20client%20does%20not%20auto-login%20using%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1962622%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F251639%22%20target%3D%22_blank%22%3E%40kpsingh%3C%2FA%3E%26nbsp%3BHello%2C%3C%2FP%3E%3CP%3EI%20think%20this%20should%20help%2C%20in%20my%20case%20issue%20was%20in%20new%20Edge%20Chromium.%20After%20I%20enable%20support%20AD%20FS%20for%20chromium%20it%20worked.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fidentity%2Fad-fs%2Foperations%2Fconfigure-ad-fs-browser-wia%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fidentity%2Fad-fs%2Foperations%2Fconfigure-ad-fs-browser-wia%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

On a domain bound machine, while opening MS Teams it does not auto-login user and shows following prompt:

kpsingh_0-1594335312529.png

 

  • Tried to SSO to MS Excel and it worked on same machine and did not prompt for credentials
  • Windows 10 has been updated to latest version 2004
11 Replies

@kpsingh Hello, without knowing much of your config, see if this can assist in any way.

 

'Sign in to Microsoft Teams using modern authentication'

https://docs.microsoft.com/en-us/microsoftteams/sign-in-teams

@ChristianBergstrom I followed this article as well. As they suggested, I have updated windows to latest version. Other than Teams, I'm able to auto-login to other MS Office apps such as Excel or Work etc.

However, Teams gives me windows auth prompt while it should auto-login as well.

@kpsingh Hey, I'm just about to turn off my laptop. But this is a "basic authentication" prompt as far as I can tell and Teams uses modern authentication by default as well. Is this happening for all users? Please provide some additional tech details about the scenario and I will try to assist.

@ChristianBergstrom Please see below for our configuration:

Using above configuration, when basic authentication prompt shows up, it should automatically login to teams rather than user to enter credentials again.

This however works with other MS Office apps such as Excel.

I hope this helps more in understanding our issue.

Hey! Sorry for the late reply (on vacation). How does the Outlook desktop clients behave when it comes to SSO?

@ChristianBergstrom Hi, I tried with Outlook and it also seamless SSO. User don't have to enter password with Outlook as well.

Hello, this seems odd. Does the prompt for Teams pop up every time you start Teams?

”Once you complete the sign in process using modern authentication, you won’t be required to provide your credentials again - from that point on, Microsoft Teams will automatically sign in to your account once you launch the app from the same machine.”

I am afraid I can’t assist properly as I’m on vacation. Perhaps you’d better off opening a ticket with the official MS support.
best response confirmed by ThereseSolimeno (Microsoft)

@kpsingh Hello,

in my case this was helpful. You have to set ADFS properties to support Edge Chromium. However I don't have SSO running so I have to type login credentials.


AD FS on Windows 2016 and later:

 

Set-AdfsProperties -WIASupportedUserAgents @("MSIE 6.0", "MSIE 7.0; Windows NT", "MSIE 8.0", "MSIE 9.0", "MSIE 10.0; Windows NT 6", "Windows NT 6.3; Trident/7.0", "Windows NT 6.3; Win64; x64; Trident/7.0", "Windows NT 6.3; WOW64; Trident/7.0", "Windows NT 6.2; Trident/7.0", "Windows NT 6.2; Win64; x64; Trident/7.0", "Windows NT 6.2; WOW64; Trident/7.0", "Windows NT 6.1; Trident/7.0", "Windows NT 6.1; Win64; x64; Trident/7.0", "Windows NT 6.1; WOW64; Trident/7.0", "MSIPC", "Windows Rights Management Client", "Edg/*")

 

 

 

AD FS on Windows 2012 and earlier:

 

Set-AdfsProperties -WIASupportedUserAgents @("MSIE 6.0", "MSIE 7.0; Windows NT", "MSIE 8.0", "MSIE 9.0", "MSIE 10.0; Windows NT 6", "Windows NT 6.3; Trident/7.0", "Windows NT 6.3; Win64; x64; Trident/7.0", "Windows NT 6.3; WOW64; Trident/7.0", "Windows NT 6.2; Trident/7.0", "Windows NT 6.2; Win64; x64; Trident/7.0", "Windows NT 6.2; WOW64; Trident/7.0", "Windows NT 6.1; Trident/7.0", "Windows NT 6.1; Win64; x64; Trident/7.0", "Windows NT 6.1; WOW64; Trident/7.0", "MSIPC", "Windows Rights Management Client", "Edg/79.0.309.43")

 

More in this article https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-browser-wi... 

 

Hope this helps I was stuck hours in checking SSO and AD FS.

@kpsingh Hello,

I think this should help, in my case issue was in new Edge Chromium. After I enable support AD FS for chromium it worked.

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-browser-wi... 

Thanks so much for finding this and returning to help us all. You have saved a my hair line