Office 365 Identity Federation – Credential Prompt from a Domain-joined Machine

I’ve heard from several folks that users authenticating against Office 365 via an on-premises ADFS infrastructure are prompted for credentials when accessing an Office 365 service such as the Office 365 portal, OWA or SharePoint, even though the respective client machine is domain-joined and the user is logged in with his AD credentials.


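This is NOT expected. If it’s a browser-based app, it’s important that you remember to add the federation service FQDN (e.g. sts.domain.com) to the “Local intranet” zone in Internet Explorer. Yes, the “Local intranet” zone and NOT “Trusted sites”. By default, Internet Explorer only sends the logged-on user’s credentials automatically to sites in the “Local intranet” zone.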


This will eliminate the annoying credential prompt and provide the user with a seamless SSO experience.


If he has the required permissions, the user can add the FQDN to the “Local intranet” zone himself, or you as an administrator can push it out via Group Policy.
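To confirm on a client that the mapping took effect, the following PowerShell check is an added example and not part of the original post. It reads the registry locations Internet Explorer uses for zone mappings; `sts.domain.com` is the article's placeholder FQDN, and the parameter names are assumptions of this example.

```powershell
# Added example (not from the original post): report which Internet Explorer
# security zone the federation service FQDN is mapped to on this machine.
# 'sts.domain.com' is the article's placeholder; pass your own FQDN.
param([string]$Fqdn = 'sts.domain.com', [string]$Scheme = 'https')

$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet'; 4 = 'Restricted sites' }
$user   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policy = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$labels = $Fqdn.Split('.')
$hits   = @()

# Entries written by the IE "Sites" dialog:
# ZoneMap\Domains\<domain>\<subdomain>, value name = scheme or '*', data = zone.
foreach ($root in "HKCU:\$user", "HKLM:\$user") {
    for ($i = 0; $i -lt $labels.Count - 1; $i++) {
        # Try every split so names under multi-label suffixes are found too.
        $key = "$root\ZoneMap\Domains\" + ($labels[$i..($labels.Count - 1)] -join '.')
        if ($i -gt 0) { $key += '\' + ($labels[0..($i - 1)] -join '.') }
        $reg = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $reg) { continue }
        foreach ($name in $Scheme, '*') {
            $zone = $reg.GetValue($name)
            if ($null -ne $zone) { $hits += [pscustomobject]@{ Source = $key; Zone = [int]$zone } }
        }
    }
}

# Group Policy "Site to Zone Assignment List": ZoneMapKey, value name = site,
# data = zone number stored as a string. Only exact names are checked here;
# wildcard entries such as *.domain.com are not evaluated.
foreach ($root in "HKCU:\$policy", "HKLM:\$policy") {
    $reg = Get-Item -LiteralPath "$root\ZoneMapKey" -ErrorAction SilentlyContinue
    if (-not $reg) { continue }
    foreach ($name in $Fqdn, "${Scheme}://$Fqdn") {
        $zone = $reg.GetValue($name)
        if ($null -ne $zone) { $hits += [pscustomobject]@{ Source = "$root\ZoneMapKey"; Zone = [int]$zone } }
    }
}

if (-not $hits) { Write-Warning "$Fqdn has no explicit zone mapping." }
foreach ($h in $hits) {
    $msg = "{0} -> {1} ({2})" -f $Fqdn, $zoneNames[$h.Zone], $h.Source
    if ($h.Zone -eq 1) { Write-Output "OK: $msg" } else { Write-Warning $msg }
}
```

A warning that names “Trusted sites” means the FQDN was added to the wrong zone, which is the misconfiguration described above.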

There can be other issues that cause the credential prompt. If this is the case, I recommend you take a look at: http://support.microsoft.com/kb/2530569

Until later,
Henrik Walther
