Google Chrome and issues with MFA

GabeShack
Valued Contributor III

Hi all,

For a bit now our users have noticed that if they use chrome, they get prompted to sign into our various O365 logins over and over if they close their tab or window.   This doesnt happen if they "sign into google" and turn on syncing.  However anyone using a guest or unnamed profile in google loses their authentication once the window is closed.  

 

We are in the process of requiring MFA for all our staff however anyone with google is getting prompted over and over to sign in and get their phone pin, since each time they close their window it requires re logging in.

 

This does not happen in Safari or Firefox, where once signed in, and you close a window, it remembers that you signed in.

 

I started playing with plists for chrome to see if we could get this to work as it used to and figured it was something with cookies or related to guest browsing and I have yet to find the right plist to make this work.

 

Anyone else seeing this?

Gabe Shackney
Princeton Public Schools
1 ACCEPTED SOLUTION

GabeShack
Valued Contributor III

We found a way around this issue using the chrome extension called "Windows Accounts" resolved it for us.

Gabe Shackney
Princeton Public Schools

View solution in original post

5 REPLIES 5

e_decker
New Contributor

I saw this Google verification issue with a couple users, and it went away when they unchecked the option to "Clear cookies and site data when you close all windows" in their browser settings. 

GabeShack
Valued Contributor III

Unfortunately this does not work if the user is in a guest account or just not signed into their account.  It seems to not actually do anything otherwise.

Gabe Shackney
Princeton Public Schools

markdmatthews
Contributor

Have you looked at adding a managed com.google.Chrome.plist?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AuthNegotiateDelegateWhitelist</key>
<string>*.domain.com</string>
<key>AuthServerWhitelist</key>
<string>*.domain.com</string>
<key>HomepageIsNewTabPage</key>
        <false/>
    <key>HomepageLocation</key>
    <string>https://website.com</string>
     <key>RestoreOnStartup</key>
    <integer>4</integer>
    <key>RestoreOnStartupURLs</key>
    <array>
        <string>https://website.com</string>
    </array>
    <key>ShowHomeButton</key>
    <true/>
</dict>
</plist>

GabeShack
Valued Contributor III

Yea I made a profile with profile creator and whitelisted all the domains that would use our office 365 logins.  Still no change when they either dont sign in (guest mode) or sign in but dont sync.

Gabe Shackney
Princeton Public Schools

GabeShack
Valued Contributor III

We found a way around this issue using the chrome extension called "Windows Accounts" resolved it for us.

Gabe Shackney
Princeton Public Schools