Share via

Using Microsoft Teams with Authenticator

Anonymous
2021-02-09T15:08:48+00:00

When launching the Microsoft Teams app on our iPhones, we are unable to authenticate ourselves using the Microsoft Authenticator app (despite following all instructions through the Microsoft Teams and Microsoft Authenticator apps).

  • When we first tap log-in, it takes us out of the Teams app and into the Microsoft Authenticator App.
  • We then tap the Next button.
  • Then it gives a message that we cannot finish the set-up here and to open the link to do it in the Authenticator app.
  • At this point, if you click the "Get Codes" link in the upper-right corner it will show a code but then it won't prompt you for where to enter the code.
  • If we then click the link it prompts us to, it brings us to a log-in page for Microsoft.
  • We select our account then enter our password to log-in.
  • It then brings us back to the original screen we had when we started the process and brings us through all of the same steps with no end/resolution.
Microsoft Teams | Microsoft Teams for business | Sign up and Sign in | Sign in

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

8 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-02-09T21:03:38+00:00

    To eliminate Office applications as a factor, we recommend that federated users in an iOS environment test certificate-based authentication in the Safari browser by following the steps outlined in the "more information" section. The typical experience for iOS users who cannot authenticate on https://portal.office.com on a Safari browser is as follows:

    The user is not prompted as expected to approve the use of their user certificate after clicking the entry using an X certificate link. 509.

    The federated user is on a non-responsive STS home page or moves to the standard STS home page, where they are requested as follows:

    Select a certificate that you want to use for authentication. If you cancel the operation, close the browser and try again.

    Note If other authentication methods are enabled in AD FS, the user will also see a link that says "enter other options". If they click here, they will return to the STS home page.

    Both experiments fail with the following error:

    Safari was unable to open the page because the server stopped responding.

    Reason:

    The certificate chain is incomplete because the issuing subordinate certification authority certificate is not retrieved by the device as expected when the MDM policy sends only the root certificate to the Apple device along with the SCEP profile.

    The iOS device does not properly acquire the file *. Issuing CA's CRT, even if the AIA path in the user's certificate has a valid URL that points to the file *. Issuing subordinate certification authority CRT.

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments
  2. Anonymous
    2021-02-09T17:03:15+00:00

    There's no real error, but this (screenshot below) is what appears.

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments
  3. Anonymous
    2021-02-09T15:59:11+00:00

    Hello, I am Celso a member of the Microsoft community and a user like you. How can I help you today?

    Throughout this process, does any type of code appear expressing an error?

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments
  4. Anonymous
    2021-02-09T20:51:46+00:00

    Thanks for the info, but we are not running this on PCs. We're running the Microsoft Teams app on iPhones.

    Was this answer helpful?

    0 comments
  5. Anonymous
    2021-02-09T20:09:40+00:00

    Modern authentication is available to all organizations using Microsoft Teams. If users are unable to complete the process, there may be an underlying problem with your organization's Azure Active Directory configuration.

    If users are already signed in to Windows or other Office applications with the corporate or student account, when they start Teams, they will be directed directly to the application. It is not necessary for them to enter their credentials.

    Microsoft recommends using Windows 10 version 1903 or later for the best single sign-on experience.

    If users are not signed in to their Microsoft work or school account anywhere else, when they start Teams, they will be asked to provide single-factor or multi-factor authentication (SFA or MFA). This process depends on what your organization has decided it would like to be required by the entry procedure.

    If users are connected to a computer joined to the domain, when they start Teams, they may be asked to perform one more authentication step, depending on whether your organization has chosen to require MFA or whether the computer already requires MFA to log on. If their computer already requires MFA to enter, when they open Teams, the application will launch automatically.

    On computers that joined domains, when SSO is not possible, Teams can fill your login screen with the user's primary name (UPN). There are cases where you don't want this to happen, especially if your organization uses different UPNs on-premises and in Azure Active Directory. If so, you can use the following Windows registry key to disable pre-registration with UPN:

    Computer \ HKEY_CURRENT_USER \ Software \ Microsoft \ Office \ Teams

    SkipUpnPrefill (REG_DWORD)

    0x00000001 (1)

    Was this answer helpful?

    0 comments