Sep 11 2018 04:24 PM
We are going to be rolling out a new SharePoint site soon which is the SharePoint online version. We also use Teams, Skype for Business, Outlook and some other things (Word, Excel, etc) whereas these applications do not ask the end user to authenticate. However in doing SharePoint testing, most times when a browser is open, it asks for a user to authenticate. Can it not do single sign on as our O365 Tenant already knows who is signed on and this is the only application that does this. Is there a setting in Admin for SharePoint that I have turned on (or off)?
Thanks
Sep 11 2018 08:51 PM
If you are in the same tenant, it should automatically login.
Sep 12 2018 03:16 AM
Sep 12 2018 03:38 AM
It should, but SPO doesn't. For instance, I just signed in this morning here at work on my laptop. After signing in, my Skype comes up and does not ask for my credentials. I can go right into Teams no issue. If I bring up SPO in Explorer or Edge, it does work, but if I bring it up in Chrome, it asks for identity.
Sep 12 2018 03:57 AM
So this is only happening in Chrome? I think this might be "by design". As Chrome is not an MS product and they can't add modern authentication to Chrome. I guess it works in IE or Edge? At least in Chrome it doesn't ask for a password when SSO is enabled. So some part of modern auth does work.
Sep 12 2018 04:33 AM
Sep 12 2018 05:07 AM
Where do I check to make sure that SSO is enabled?
Sep 12 2018 02:14 PM
After thinking about it i might to test it more. We have IE as a default. I use Chrome only for testing and it has lots of O365 accounts, so maybe that's why it asks for an identity. Will try to wipe my Chrome profile and try to open SPO link with a fresh profile. It also might be because we are using Windows 7 (haven't tried Chrome with SPO on Windows 10).
Sep 12 2018 02:21 PM
You may have different setup. We use Windows 7 with local domain, not Azure AD joined. We use AD Connect to sync users and enabled Single sign on there in its settings. Also had to add a few URLs to intranet zone. Specifically adding https://autologon.microsoftazuread-sso.com to intranet zone made it login automatically in IE. As per https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso-quic...
Sep 12 2018 09:49 PM
Okay, I miss-read your original post. So you are using seamless SSO I guess.
But, if you are using federated identity (ADFS SSO), the problem with Chrome is that by default ADFS doesn't offer Windows integrated authentication (WIA). All you need to do is to add Chrome to the list of WIA supported browsers as explained here.
Sep 13 2018 04:05 AM - edited Sep 13 2018 04:06 AM
Yeap, i was wrong. After i have wiped all sign-ins ant cookies from Chrome and tried to open a link to our SPO, it logged me in automatically without asking for login or password.