Office 365 single sign-on with third-party browsers

If your computers have Extended Protection for Authentication, and you use the Firefox, Google Chrome, or Safari browsers, you may not be able to sign on to Microsoft 365, depending upon your operating system. Instead, you will get an access denied message. This is due to the default configuration for Active Directory Federation Services (AD FS) 2.0 and Extended Protection for Authentication.

Unless and until Firefox, Google Chrome, and Safari support Extended Protection for Authentication, the recommended option is to install and use Internet Explorer 10 or later.

If you want to use single sign-on for Microsoft 365 with Firefox, Google Chrome, or Safari, there are two other solutions:

  1. Uninstall the Extended Protection patches from your computer.

  2. Change the Extended Protection setting on the Active Directory Federation Services 2.0 server. See “ExtendedProtectionTokenCheck” on the TechNet Set-ADFSProperties page for details.

Note: There may be security concerns in taking either of the approaches described above. For more details, see the Microsoft Support article Microsoft Security Advisory: Extended protection for authentication.
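
For option 2, the following PowerShell script is an added example, not part of the original article. It reads the current ExtendedProtectionTokenCheck value on the AD FS 2.0 server, records it before any change so the setting can be rolled back, applies the new value, and verifies it. The script parameters `$Target` and `$LogPath` and the log file location are assumptions made for illustration; which value to choose is covered on the TechNet Set-ADFSProperties page.

```powershell
# Added example: audit, and optionally change, ExtendedProtectionTokenCheck.
# Run in an elevated PowerShell session on the AD FS 2.0 federation server.
param(
    # Values documented for the parameter: Require, Allow, None.
    # Omit -Target to run in audit-only mode.
    [ValidateSet('Require', 'Allow', 'None')]
    [string]$Target,

    # Assumed location for the change record; adjust for your environment.
    [string]$LogPath = "$env:ProgramData\adfs-epa-change.log"
)

# AD FS 2.0 ships its cmdlets in a snap-in; load it only if it is not loaded yet.
if (-not (Get-Command Get-ADFSProperties -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop
}

# Audit step: report the value currently in effect.
$before = (Get-ADFSProperties).ExtendedProtectionTokenCheck
Write-Output "Current ExtendedProtectionTokenCheck: $before"

if (-not $Target) { return }            # audit only, nothing to change
if ("$before" -eq $Target) {
    Write-Output "Already set to $Target; no change made."
    return
}

# Record who changed what and when, so the previous value can be restored.
$entry = "{0:o} {1} ExtendedProtectionTokenCheck {2} -> {3}" -f `
    (Get-Date), $env:USERNAME, $before, $Target
Add-Content -Path $LogPath -Value $entry

Set-ADFSProperties -ExtendedProtectionTokenCheck $Target

# Verify that the server reports the requested value.
$after = (Get-ADFSProperties).ExtendedProtectionTokenCheck
if ("$after" -ne $Target) {
    throw "Expected '$Target' but the server reports '$after'."
}
Write-Output "Changed $before -> $after. To roll back, rerun with -Target $before."
```

Running the script without `-Target` is a safe way to check which setting a server currently uses before deciding whether to change it.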
