Can someone help on how to proceed further?

O365 user authentication fails with the error "Sorry, that didn't work. Please go back to office.com and try again"

I have a federated custom O365 Azure AD domain with an on-premises Active Directory domain. Azure AD Connect is used to integrate the on-premises directories with Azure AD. The integration with O365 is done with a third-party multi-factor authentication server using SAML 2.0; ADFS is not used for the SSO that integrates the on-premises AD DC with Azure AD.

So, when I log in with an O365 user (synced from the on-premises AD domain to the O365 cloud), it asks for the 2F authentication and is supposed to land on the user's home page, but it fails and the browser throws the error "Sorry, that didn't work. Please go back to office.com and try again".

Any help in resolving the issue is highly appreciated. Attached are the URL error and the SAML trace for your reference.

![77299-o365auth-error.jpg][1]
[77363-saml-office-365-error-direct-without-adfs.txt][2]

[1]: /api/attachments/77299-o365auth-error.jpg?platform=QnA
[2]: /api/attachments/77363-saml-office-365-error-direct-without-adfs.txt?platform=QnA
2 answers
Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
2021-03-16T22:57:35.747+00:00

This can happen if there is a password policy applied on the user accounts or if the user accounts have expired. Can you please confirm that neither of these things is the case, and that the users are able to log in to other applications?
I am unable to access your logs, but if you post a screenshot of the error logs under Azure AD > Activity > Sign ins we should be able to get further insights.
Without seeing the logs it's harder to know off the bat, but if you are also getting a credential validation failure along with the error you posted, this can happen if the UPN of the on-premises user does not match the UPN of the Azure AD user. To resolve this issue, make sure that the on-premises UPN suffix is a verified domain, and then either wait until the next time that directory synchronization runs or force directory synchronization.
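
The UPN check suggested in the answer above can be scripted. This is an added example, not part of the original answer; it assumes the ActiveDirectory (RSAT) and Microsoft.Graph PowerShell modules are installed and that the account running it can read both directories.

```powershell
# Added example: list users whose on-premises UPN suffix is not a verified
# tenant domain, or whose cloud UPN differs from the on-premises UPN.
Import-Module ActiveDirectory
Connect-MgGraph -Scopes 'User.Read.All', 'Domain.Read.All' | Out-Null

# Domains verified in the tenant (the domain's Id is its DNS name).
$verified = @(Get-MgDomain -All | Where-Object IsVerified |
    ForEach-Object { $_.Id.ToLower() })

# Synced cloud users, keyed by the on-premises UPN recorded for each of them.
$cloud = @{}
Get-MgUser -All -Property 'userPrincipalName,onPremisesUserPrincipalName,onPremisesSyncEnabled' |
    Where-Object { $_.OnPremisesSyncEnabled -and $_.OnPremisesUserPrincipalName } |
    ForEach-Object {
        $cloud[$_.OnPremisesUserPrincipalName.ToLower()] = $_.UserPrincipalName
    }

# Compare every enabled on-premises account against the tenant.
$report = Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
    Where-Object UserPrincipalName |
    ForEach-Object {
        $upn      = $_.UserPrincipalName.ToLower()
        $suffix   = $upn.Split('@')[-1]
        $cloudUpn = $cloud[$upn]          # $null when no synced cloud user matches
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            OnPremUpn      = $upn
            CloudUpn       = $cloudUpn
            SuffixVerified = $verified -contains $suffix
            UpnMatches     = [bool]($cloudUpn -and ($cloudUpn.ToLower() -eq $upn))
        }
    }

# Only the accounts that need attention.
$report |
    Where-Object { -not $_.SuffixVerified -or -not $_.UpnMatches } |
    Format-Table -AutoSize

# After correcting a UPN suffix on-premises, a sync can be forced on the
# Azure AD Connect server instead of waiting for the next scheduled run:
#   Start-ADSyncSyncCycle -PolicyType Delta
```

An empty table means every enabled on-premises account has a verified suffix and a matching cloud UPN, so the mismatch described in the answer is not the cause for those users.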