Google Chrome wants to access key "Microsoft Workplace Join Key" in your keychain

santoroj
New Contributor III

Having a big issue here with one of my users' Mac devices. It keeps coming up on my CTO's laptop: every time he tries to access an O365 product, it wants a password. Problem is none of the passwords work for this. He just got this device and ran it through Jamf from OOBE, and everything else is accessible. We even installed Edge and it works through there, but the preferred browser is Chrome.

I implemented the SSO extension, and it is working fine for others.

santoroj_1-1711569765179.png

From his device he is getting the below:

 

santoroj_0-1711569485605.png

All users also have the Windows Accounts extension for Chrome enforced on the devices.

Anyone else faced or facing this issue? 

15 REPLIES

sdagley
Esteemed Contributor II

@santoroj Make sure the user is clicking "Always Allow" after entering their password. If they click Allow, Chrome will prompt _every_ time it needs to access the certificate, and that will happen often enough that it looks like the password was rejected.

santoroj
New Contributor III

@sdagley Thank you for the response and suggestion, but unfortunately it will not take any password; that is the issue here.

sdagley
Esteemed Contributor II

@santoroj Do you mean that you can't type in the entry field for the password, or that it's not accepting the user's login password? If they are not clicking "Always Allow", it will look like the password wasn't accepted because the prompt is being repeated so quickly. If they _are_ clicking "Always Allow" and it's not accepting their login password, you'll need to determine why the password for the user's login keychain doesn't match the password they use to log in, and fix that.

santoroj
New Contributor III

@sdagley The user can enter the password, but it will not accept any password. The user has had the device for 2 weeks and only had 2 passwords; neither is working.

sdagley
Esteemed Contributor II

To be absolutely clear, the user IS selecting "Always Allow" at that prompt?

If they are, have them open the Keychain Access app (if they're running macOS Sonoma they may be offered the option to use System Settings instead; have them choose Keychain Access). In Keychain Access, select the login keychain, then My Certificates, to verify the certificate can be accessed. If it's working there but not in Chrome, I don't have any other suggestions for you.

santoroj
New Contributor III

@sdagley Yes, "Always Allow" is the option being used. They are on Sonoma, but because the password is not taking, there is no prompt to accept anything past entering the password and hitting "Always Allow". Thank you for your input; maybe someone else in the forum has been experiencing the issue.

sdagley
Esteemed Contributor II

@santoroj My suggestion about opening Keychain Access isn't something you'd do after the password prompt in Chrome; just open the Keychain Access app. It will allow you to determine if the user's login keychain isn't being unlocked when the user logs in to the Mac because the login keychain password isn't in sync with the Mac's password.

santoroj
New Contributor III

@sdagley Gotcha, let me check this. The issue is that I am thinking when you hit the save changes button it will prompt for the password, and we will still face the issue where it does not take the password, but we will still try.

tsweat
New Contributor

@santoroj Did you ever find a resolution? I believe I am stuck in the same do-loop.

santoroj
New Contributor III

I have not yet found any solution.

AlexHoffman
New Contributor III

The workplace join key is their Azure password, not their Mac password. If the user is using the right password and still not able to authenticate, it's most likely a keychain issue. You can reset the keychain with a terminal command: sudo fdesetup authrestart

This does not affect any passwords already in the keychain, just resets the authentication protocol. This will prompt for username and password (Mac password) and will reset the keychain authentication. Then I would try the workplace join password again. If that doesn't work, unenroll from Azure and re-enroll the Mac. Also worth checking that the Mac complies with any Azure compliance policies set for your org.

erickj
New Contributor II

Was this able to solve the problem?

Bretterson
Contributor

I've had users report this same issue from time to time. The prompt just won't accept the password. We have Jamf Connect, so the computer password and the Azure/Entra password are the same. Sometimes a reboot fixes it, sometimes it doesn't. The only thing I've been able to come up with to get around it is to go in the Keychain and manually add the application on the "Access Control" tab of the WPJ key.

mohsinshaikh
New Contributor

Try entering the user's Mac logon password and click "Always Allow".

Sometimes it rejects it, despite being correct.