Unsolved Seamless SSO for Microsoft services with connected Windows ID
-
Looking to find out if it's possible to get the same seamless login experience in Vivaldi for Microsoft services like Office 365 that you get in a their own Edge.
I've found out Chrome has an extension called "Windows 10 accounts" that can also be installed in Vivaldi but doesn't seem to do anything.
Can't really find any information on this on the forums or anywhere on the web really.
So is there something I'm missing or is this Microsoft being Microsoft and keeping the 'good stuff' from their own services to themselves? -
@jhuttensecuresult It's certainly possible in Chrome so should be in Vivaldi too. It requires good knowledge of using GPOs and configuring your services to use Kerberos, just like it would in Edge.
-
In this particular case we are talking about an Azure AD Joined device though, not an actual Windows Active Directory joined device. I believe the trick here is not in kerberos but in the Primary Refresh Token (PRT) available on the device after login with Azure AD.
Both Edge and Internet Explorer are able to access this from the device and use it for authentication to the Microsoft online services. The Windows 10 accounts plugin for Chrome enables it to also leverage this same functionality. As I mentioned, the plugin doesn't seem to do anything for Vivaldi though. Is this an impossibility I'll have to live with or can someone shed a light on this perhaps?
-
Ok, so here is how I think I got the "Windows 10 accounts" extension working with my SSO in Vivaldi:
-
This assumes you have the Windows 10 Accounts extension installed and that you are on Windows machine.
-
Ensure you are not logged in to the SSO in your Vivaldi before starting. If you are, please log out and restart the browser.
-
In the browser, click the Windows extension icon on the toolbar. It should open a new tab to log in to O365, or then offers you link to log in to O365 so click that so that you are on O365 login page
-
When at the O365 log in page do NOT enter your credentials (for example in the format [email protected]) but look for Sign-in options at the bottom and click that instead
-
In the Sign-in options page, click Sign in with a security key
-
You should now see a Windows Security dialog asking you to sign in to login.microsoft.com and that the request comes from Vivaldi.
Here, check that you current credential i.e. "[email protected]" is listed and select it and then click OK -
Sign in using PIN, fingerprint or password
-
If successful the Windows Security prompt disappears and you should now be logged in O365 thru the extension in the future! Open up any SSO internal pages to and you should be smoothly logged in.
-
-
Ppafflick moved this topic from Vivaldi for Windows on -
Resurecting an old thread, but do you think it's possible to get SSO to work for Vivaldi on Mac OS?
Could it be set up the way Chrome would be, or is it something Chrome specific that Vivaldi wouldn't support?
-
@Featureal Thanks for the fix. This worked perfectly for me but in my situation SSO was working perfectly using the windows accounts extension in our hybrid joined environment until a week or so ago.
I followed these instructions and it prompted me to use my passkey which didn't work but it then allowed me to sign in with my domain username/password. Previously it was telling me to install the Windows Accounts plugin (despite it already being installed and previously working).Thanks again for the fix @Featureal
