Forum Discussion
Stream "sign in" or "sign up" page blocking video views
We are trying to create links to stream videos that we can post in e-mail or on our legacy / on-premises sharepoint portal that a user can "1 click" to access a video. Before I dive into this, let me cover the basics:
- All users have a license that includes stream and the service is enabled.
- The videos all have permissions set to allow the whole company to view
- We are using an on-premises ADFS for authentication
- Of course we understand if the user is not on our corporate network and on a domain joined machine they will see a login prompt from our ADFS (that is okay!)
When our end users click on the link they are presented with an "interceptor" page that says "It looks like someone shared something with you in Microsoft Stream". And presents them the option to "Sign up" or "Sign In" (image included below). I am looking for a way to not have our 1000+ users be presented with this page.
I have found references to the following Querystring parameters on this forum:
- Domain_hint= - where we can provide our tenant name to bypass entering the Work or School account name. We have used this with other Azure AD apps in the past with great success.
- NoSignUpCheck=1 - which is supposed to bypass the signup page.
We have not been able to get these to work in order to bypass the screen and have tried them in different combinations (change the order, changed the value in nosignup, etc). I am more than happy to provide more details as needed. At this point it is blocking our use of stream and we don't want to use the older O365 video platform.
Thanks in advance for your attention and help in this matter.
- Marc Mroz
Microsoft
Short answer:
If you add the query string parameter NoSignUpCheck=1 to the end of any Stream URL (including videos) it should skip the "marketing / interceptor" page you have a screen shot of above and go directly to the login.microsoftonline.com login page. You then enter your email address and it will redirect to your ADFS login page. (At least this worked when I just tried it out now).
Example:
https://web.microsoftstream.com/video/c3f9d897-5ac0-44dd-b184-363ed3062310?list=trending&NoSignUpCheck=1
For embed codes, if you add the query string parameter domain_hint=<ADFS domain> to end of a src URL on an embed code, we'll skip going to login.microsoftonline.com and go to the ADFS login page for the domain specified directly.
Example:
<iframe width="640" height="360" src="https://web.microsoftstream.com/embed/video/c3f9d897-5ac0-44dd-b184-363ed3062310?autoplay=false&showinfo=true&domain_hint=contoso.com" frameborder="0" allowfullscreen ></iframe>
Regardless of above we are also working to improve the design of that marketing / interceptor page to make it more clear for people that already have a login. (See long answer below)
I think ideally what you are looking for is a feature on our backlog for the future to look at implementing something with ADFS login acceleration, where we can skip the marketing page and login.microsoftonline.com page, and go directly to your ADFS organization specific login page. This is on the backlog but we haven't determined when we'll be able to get to that project.
Long answer:
Stream is both a service you get as part of O365 and also a service you can buy standalone. For standalone we do offer free trial sign ups of the service.
When a user isn't logged in already we send them our sign in / sign up "marketing (aka interceptor - great name you gave it) page. This offers the user to either sign in with their existing account or do a free trial if they aren't licensed yet (ad-hoc / viral sign up).
I agree with you, the page we have today isn't great for users that already do have a login. To help alleviate some of this problem we are in the process of redesigning this "marketing / interceptor" page. The new design will be something like this. When this is done do you think this will help at all?
Or do you still feel this would be an issue for your users?
Marc-
Apologizes for the SLOW response, I hate it when people don't follow-up.
I think you nailed it - we are looking for a combination of domain_hint and NoSignUpCheck in the same embedded url. We are trying to "ease" the process for our users between on-premises content and cloud-hosted content. We have found that any "friction", including login prompts, leads to calls to our help desk and general dissatisfaction with the "new" service. Office 365 smart links and using domain_hint in our Azure hosted applications have greatly reduced the calls and increased satisfaction.
I think the screen shot that you showed is an improvement over the current one, which looks rather like an error page, but I think it is just a "better" bad page. And I don't want to sound too harsh! I totally get that you guys in stream have a tough problem to crack with the various ways people access the service and I don't want to pass judgement from afar. I am also happy to help and provide feedback where needed!
- I agree with everything Larry said in his response. We are just beginning to look at using Stream in our org, and this looks like it could be the thing that prevents us from using it.
+1 to ADFS login acceleration (I think this should be the default when pulling embed code for a protected video in an ADFS enabled org).
+1 on the "better" bad page.
Hey Marc,
Glad I found this tip, but in your example for the link, it's supposed to be a ?, not &. For example, ?NoSignUpCheck=1. This is the only way I could get it to work.
I'm still hoping to see this marketing page go away altogether for organizations.
When I use the NoSignInCheck=1, it seems to work ok with Chrome, IE, and Edge, but I still get this in the Yammer app. Any thoughts on that?
sign in or sign up in Yammer post
Michele FerrariThis link can be used to point directly to a specific video based on the ID (which you can retrieve going into stream app and copy it from the address bar of your browser)
Example:
User Experience:
From a user inside the CORP, user will get SSO and stream will open directly in the browser without any user “friction”.
From an user outside the CORP User redirected to login.microsoftonline.com (as we specified nosignupcheck=1 which skips the “marketing” page)
domain_hint or login_hint does not work to avoid the login.microsoftonline.com UX experience but at the end, the UPN is copied over into the WAP login page so, not so bad.
Browser is then redirected to your WAP:
And the video starts immediately after.
Michele
Hi Michele,
It's nice that there's a workaround for this, but I'm wondering when we can expect a more permanent solution. We can't expect our content owners to manually modify every link for their videos since some of them have 100's of videos. Is there any chance you can add the noSignUpCheck=1 as a default setting in the link that is created when a user clicks on the Share button for a video?
- Marc Mroz
I believe we have a project going to remove the intermediate marketing page and instead go directly to the login.microsoftonline.com login screen. ChrisKnowlton on our team would know more info on that project.
In terms of ADFS or home realm detection we'd need to do a bit more work there to skip the login.microsoftonline.com login page and go to your specific internal login page. Can you add your votes and comments to this entry in our ideas forum: https://techcommunity.microsoft.com/t5/Microsoft-Stream-Ideas/Support-Windows-Home-Realm-in-Stream-WHR/idi-p/116253
Michele-
Thank you for replying! It feels like the product group has decided to ignore this issue...
There is still "friction" in the sign in process using the url that you provided. The user is still prompted for what ID to use (either via form or select list if they have logged on previous). It does single signon in AFTER they provide the email address (see screen shot). Normally with DOMAIN_HINT it takes you right in. I included a screen shot to help clarify.
In our case we are looking to bypass signon prompts (with domain_hint) and the signup check (with nosignupcheck).
Like many of the other people on this thread, our departments are continuing to use private YouTube links. Which leads to the question: "Why not use more Google properties?"
I hope this helps clarify the issue.
