Share via

A single user keeps being asked for authenticator when they access a sharepoint site.

Everything Tech 0 Reputation points
2024-07-12T10:11:11.19+00:00

Hi

We have a user that keeps being asked for authenticator when they go into sharepoint. It does not seem to remember that they are already logged in

User's image

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
6,038 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,211 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. akinbade abiola 8,295 Reputation points
    2024-07-12T15:43:39.82+00:00

    Hello Everything Tech,

    Thanks for your question.

    The screenshot indicates that the Conditional Access Policy requires MFA for accessing Office 365 SharePoint Online. The policy details show that the grant control for MFA is not satisfied, causing the user to be repeatedly asked for authentication.

    You can check the exact grant control failure from the sign in logs https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-sign-ins#interactive-user-sign-ins

    See: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-grant for further grant info

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

    0 comments
  2. Emily Du-MSFT 43,836 Reputation points Microsoft Vendor
    2024-07-15T02:27:36.1733333+00:00

    As akinbade abiola mentioned, the use requires multi-factor authentication to access SharePoint online.

    Please follow below article to set up Microsoft 365 sign-in for multi-factor authentication.

    https://support.microsoft.com/en-us/office/set-up-your-microsoft-365-sign-in-for-multi-factor-authentication-ace1d096-61e5-449b-a875-58eb3d74de14

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  3. Emily Du-MSFT 43,836 Reputation points Microsoft Vendor
    2024-07-16T02:44:46.4033333+00:00

    The difference between SharePoint and Outlook is because each application has its own OAuth Refresh Token that isn't shared with others.

    In the office client applications, the default time period is 90 days.

    In the browser, without any session lifetime settings, there are no persistent cookies. Every time a user closes and opens the browser, they get a prompt for reauthentication.

    Here are methods for you choose to configure session lifetime settings in the browser.

    1.In the conditional access policy, set sign-in frequency policy. (It is the recommended way.)

    https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-session-lifetime

    2.Keep the Remain signed-in option enabled and guide your users to accept it.

    https://learn.microsoft.com/en-us/entra/fundamentals/how-to-manage-stay-signed-in-prompt

    3.Remember multifactor authentication.

    https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-mfasettings#remember-multi-factor-authentication

    A reference article to introduce more:

    https://learn.microsoft.com/en-us/entra/identity/authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments