You are currently offline, waiting for your internet to reconnect

Multiple authentication prompts when signing in to Skype for Business after enable ADAL (aka Modern Authentication)

Symptoms
After Azure AD Authentication Library (ADAL) is enabled, users receive multiple security prompts to enter credentials when they try to sign in to Skype for Business client.

sign in
Cause
This issue occurs because ADAL authentication is enabled on the Skype for Business server, but Integrated Windows Authentication is not used for authentication against the Security Token Service (STS) URL.
Resolution
To resolve this problem, do the following:

  • Add the STS URL to the intranet zone in Internet Explorer.
  • Make sure that the default Advanced security settings for Internet Explorer are configured to have the Enable Integrated Windows Authentication check box selected under Security.
  • Make sure that the User Authentication Logon setting in the intranet zone is configured to have the Automatic logon only in the Intranet Zone option selected.
More information
ADAL can help you provide an increased level of security. It lets companies use multi-factor authentication against services. This additional layer of security requires users to authenticate when an authentication request is made. If Integrated Windows Authentication is enabled, the user's cached NTLM credentials are automatically provided for the user. When Integrated Windows Authentication is not enabled, users are required to enter those credentials when they are prompted.

Note When users are authenticating externally, Integrated Windows Authentication is not used because this process works only when the computer is connected to the internal corporate domain. In this situation, users would typically see a Skype for Business authentication prompt.

sign in
Properties

Article ID: 3151226 - Last Review: 04/01/2016 09:41:00 - Revision: 1.0

Skype for Business

  • kbsurveynew kbtshoot kbexpertiseinter KB3151226
Feedback
">