Hello, same problem here... any solution?
Web Sign In when domain is SAML Federated has stopped working!
We've been using Web Sign In for our Azure AD Joined laptops for a while now and it was working blissfully. Users did not need to enter passwords for all services related to Office365. The world was good. However, since Friday, all we are now getting is the error message (see attached screenshot):
----------
You'll need the Internet for this.
It doesn't look like you're connected to the Internet. Check your connection and try again.
----------
The odd thing about this is that the laptop is definitely connected to the Internet as the SAML bits are working - i.e. I'm redirected to our IdP where I complete the SAML authentication, but at the point where I'd ordinarily see the desktop, I instead get the error message described above. Someone on Reddit posted something similar where they are using Google as their IdP just 10 days ago. However, they stated they were able to resolve the issue - I was unable to get my environment working using their fix/workaround.
In addition, when I look at sign-in logs in Azure Portal, I see the following for my failed login:
----------
Authentication requirement: Single-factor authentication
Status: Failure
Continuous access evaluation: No
Sign-in error code: 130506
Failure reason: Access Pass must be used for Web Sign In. Contact your admin to get an Access Pass.
----------
I've seen mention elsewhere on the Internet about configuring Temporary Access Pass (TAP). I was able to get that configured and was then able to log in to the desktop. However, our SAML federation allows us to use our Passwordless solution which is now broken. Using a TAP is counterintuitive as that can be considered a password, no?
What do we need to do to get this working again?
VipulSparsh-MSFT 16,271 Reputation points Microsoft Employee
2022-03-03T11:09:06.213+00:00
If the setup was working previously, I am assuming that there were no configurational issues that led to this issue.
The only thing to check at this point is to make sure that the TAP is still valid. If you can confirm that TAP is valid and the users still see the error, it is important to check if they are able to use TAP for Office 365 service. If yes, then I can take this offline and investigate further.
Please reach out to me at azcommunity@microsoft.com with subject "Atten-Vipul" and I will sync up with you further.
Here is the setup which is required for this, just in case anyone wants to go through it: https://www.petervanderwoude.nl/post/enabling-web-sign-in-to-windows-for-usage-with-temporary-access-pass/
Hope it helps.