Posted on 03-27-2024 01:05 PM
Having a big issue here with one of my user's mac devices. So, it keeps coming up on my CTO's laptop where every time he tries to access an O365 product it wants a password. Problem is none of the passwords work for this. He just got this device and ran it through Jamf from OOBE and everything else is accessible. We even installed Edge and it works through there, but the preferred browser is Chrome.
I implemented the SSO extension, and it is working fine for others.
From his device he is getting the below:
All users also have the Windows Accounts extension for Chrome enforced on the devices.
Anyone else faced or facing this issue?
Posted on 03-27-2024 01:24 PM
@santoroj Make sure the user is clicking "Always Allow" after entering their password. If they click Allow Chrome will prompt _every_ time it needs to access the certificate and that will happen often enough that it looks like the password was rejected.
Posted on 03-27-2024 01:35 PM
@sdagley Thank you for the response and suggestion but unfortunately, it will not take any password, that is the issue here.
Posted on 03-27-2024 01:49 PM
@santoroj Do you mean that you can't type in the entry field for the password, or that it's not accepting the user's login password? If they are not clicking "Always Allow" it will look like the password wasn't accepted because the prompt is being repeated so quickly. If they _are_ clicking "Always Allow" and it's not accepting their login password you'll need to determine why the password for the user's login keychain doesn't match the password they use to log in and fix that.
Posted on 03-27-2024 01:57 PM
@sdagley the user can enter the password, but it will not accept any password. User has had the device for 2 weeks and only had 2 passwords, neither are working.
Posted on 03-27-2024 02:03 PM
To be absolutely clear, the user IS selecting "Always Allow" at that prompt?
If they are have them open the Keychain Access app (if they're running macOS Sonoma they may be offered the option to use System Settings instead, have them choose Keychain Access). In Keychain Access select the login keychain then My Certificates to verify the certificate can be accessed. If it's working there but not in Chrome I don't have any other suggestions for you.
Posted on 03-27-2024 02:06 PM
@sdagley Yes, always allow is the option being used. They are on Sonoma, but because the password is not taking, there is no prompt to accept anything past entering the password and hitting "Always Allow". Thank you for your inputs, maybe someone else in the forum has been experiencing the issue.
Posted on 03-27-2024 07:25 PM
@santoroj My suggestion about opening Keychain Access isn't something you'd do after the password prompt in Chrome, just open the Keychain Access app. It will allow you to determine if the user's login keychain isn't being unlocked when the user logs in to the Mac because the login keychain password isn't in sync with the Mac's password.
Posted on 03-28-2024 04:45 AM
@sdagley gotcha, let me check this, issue is that I am thinking when you hit the save changes button it will prompt for the password and still we will face the issue where it does not take the password for it, but still we will try.
Posted on 04-08-2024 06:42 AM
@santoroj did you ever find a resolution? I believe I am stuck in the same do-loop.
Posted on 04-08-2024 07:54 AM
I have not yet found any solution
Posted on 04-17-2024 07:49 AM
The workplace join key is their Azure password, not their Mac password. If the user is using the right password and still not able to authenticate, it's most likely a keychain issue. You can reset the keychain with a terminal command: sudo fdesetup authrestart
This does not affect any passwords already in the keychain, just resets the authentication protocol. This will prompt for username and password (mac password) and will reset the keychain authentication. Then I would try the workplace join password again. If that doesn't work, unenroll from Azure and reenroll the mac. Also worth checking that the Mac complies with any Azure compliance policies set for your org.
Posted on 06-20-2024 12:59 PM
Was this able to solve the problem?
Posted on 06-24-2024 02:15 PM
I've had users report this same issue from time to time. The prompt just won't accept the password. We have Jamf Connect, so the computer password and the Azure/Entra password are the same. Sometimes a reboot fixes it, sometimes it doesn't. The only thing I've been able to come up with to get around it is to go in the Keychain and manually add the application on the "Access Control" tab of the WPJ key.
Posted on 07-03-2024 10:56 AM
Try entering user mac logon password and click "Always Allow"
Posted on 07-03-2024 11:19 AM
Sometimes it rejects it, despite being correct.