Introduction
This article contains information about how to troubleshoot problems that affect the ability to sign in to Microsoft Office apps for Mac, iPad, iPhone, or iPod Touch. This article also contains resources for IT administrators to address reports about Active Directory Federation Services (AD FS) issues that are specific to Office for Apple iOS and Mac platforms.
In this table, locate the issue that you've encountered, and then consider the corresponding recommendation. For more detail, see the sections below the table.
|
Issue |
Recommendation |
|
Issue 1: “Unknown Auth method” message when you try to sign in to an Office app for iOS or Mac |
To resolve this issue, your administrator must contact the provider of your non-Microsoft federation server to verify the configuration. |
|
Issue 2: “An error occurred. Contact your administrator” message when you try to sign in to an Office app for iOS or Mac |
To resolve this issue, contact your administrator and point to this article. |
|
Issue 3: “An error has occurred, invalid SAML token” error message when you try to sign in to an Office app for iOS or Mac |
To resolve this issue, contact your administrator and point to this article. |
|
Issue 4: “There is problem with your account, please try again later“ error message when you try to sign in to an Office app for iOS or Mac |
Users can update to the latest version of the Mac or iOS apps that are available. If this does not resolve the issue, contact your administrator and point to this article. |
|
Issue 5: The sign-in page continually reappears when you try to sign in to any of the Microsoft 365 apps for iOS or Mac |
To resolve this issue, contact your administrator and point to this article. |
More information
Issue 1: “Unknown Auth method” message when you try to sign in to an Office app for iOS or Mac
This error can occur in a topology where an enterprise has federated an AD FS server with Azure Active Directory for signing in to Microsoft 365, and also federated the AD FS server with another non-Microsoft federation server such as Shibboleth. When Mac and iOS Office applications sign in, Azure Active Directory sends a parameter in the sign-in request to AD FS that requests forms authentication. When AD FS relays this request to the non-Microsoft federation server, it may be unable to interpret this parameter and it may display an error to the user, even before they are asked to sign in.
To resolve this issue, contact the provider of your non-Microsoft federation server.
Issue 2: “An error occurred. Contact your administrator” message when you try to sign in to an Office app for iOS or Mac
Users can't sign in if the tenant uses AD FS and forms-based authentication is turned off on the AD FS server. They receive the following error message:
An error occurred
An error occurred. Contact your administrator for more information.
Error details:
-
Activity ID: 00000000-0000-0000-c32d-00800000005e
-
Relying party: Microsoft Office 365 Identity Platform
-
Error time: <Date> <Time>
-
Cookie: enabled
-
User agent string: Mozilla/5.0 (Windows NT 6.3;WOW64)
-
AppleWebKit/537.36 (KHTML, like Gecko)
-
Chrome/38.0.2125.111 Safari/537.36
In certain AD FS configurations, the administrator may not have forms-based authentication enabled on the AD FS server. This prevents Mac clients from logging in as required by the authentication process.
To resolve this issue, set up AD FS to use forms-based authentication as the secondary form of authentication. To do this, follow the appropriate steps for the version that you use.
NOTE: The currently configured authentication methods can remain unchanged. For example, if Windows Integrated Authentication is configured as the primary authentication method, it can remain configured this way.
If you use AD FS 2.0
Enable forms-based authentication by using the steps in the following Microsoft TechNet topic:
If you use AD FS in Windows Server 2012 R2
Follow these steps:
-
In Server Manager on the AD FS 3.0 server, click Tools, and then select AD FS Management.
-
In the AD FS snap-in, click Authentication Policies.
-
In the Primary Authentication section, click Edit next to Global Settings.
-
In the Edit Global Authentication Policy dialog box, click the Primary tab, and then under Extranet and under Intranet, click to select the Forms Authentication check box.
Issue 3: “An error has occurred, invalid SAML token” error message when you try to sign in to an Office app for iOS or Mac
When you try to sign in, you receive the following error message:
-
An error has occurred, invalid SAML token.
The complete error may resemble the following:
-
We received a bad request.
-
Additional technical information:
-
Correlation ID: 82121251-3634-4afb-8014-fb5298d6f2c9
-
Timestamp: 2014-11-01 00:25:35Z
-
AADSTS50008: SAML token is invalid
This is a known Azure Active Directory issue. A fix is expected soon. In the meantime, you can run the following Windows PowerShell script to resolve the issue.
NOTE: You must run the PowerShell script one time for each affected federated domain.
Follow these steps:
-
Ensure that you have the latest Azure Active Directory Module for Windows PowerShell. For more information, go to the following Microsoft Office website:
Windows PowerShell cmdlets for Microsoft 365 management and deployment -
Run the following command in PowerShell on the AD FS server:
Update-MsolFederatedDomain -DomainName [verified domain]
Issue 4: “There is problem with your account, please try again later“ error message when you try to sign in to an Office app for iOS or Mac
Administrators who have configured AD FS 2012 R2 to let users sign in by using an alternative user identifier, such as their email address, may experience this error. Users typically sign in by using their user principal name (UPN). We are working on an update to the Mac and iOS applications to support signing in by using an alternative user identifier.
To resolve this issue, update to the latest version of Mac and iOS apps. Verify the configuration of AD FS 2012 R2 to let users sign in by using an alternative user identifier.
Issue 5: The sign-in page continually reappears when you try to sign in to any of the Microsoft 365 apps for iOS or Mac
IMPORTANT: Because of a temporary mitigation in Azure Active Directory, some users who have successfully signed in between October 30, 2014 and December 2, 2014 may start experiencing this issue after December 2, 2014. Ensure that the update mentioned below has been installed.
When a user signs in to any of the Microsoft 365 apps for iOS or Mac, the user enters their user name and password on the sign-in page and the sign-in page reappears and prompts the user for their user name and password again. This problem can occur if you're using an AD FS 2.0 server that's missing critical updates.
Install the update documented in the following Microsoft Knowledge Base article on the AD FS 2.0 server:
Several issues after you install security update 2843638 or 2843639 on an AD FS server
3rd-party information disclaimer
The 3rd-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
Still need help? Go to Microsoft Community.
