Help

Google Chrome wants to access key "Microsoft Workplace Join Key" in your keychain

santoroj
New Contributor III

a month ago

Having a big issue here with one of my user's mac devices.  So, it keeps coming up on my CTO's laptop where every time he tries to access an O365 product it wants a password.  Problem is none of the passwords work for this.  He just got this device and ran it through Jamf from OOBE and everything else is accessible. We even installed Edge and it works through there, but the preferred browser is Chrome.  

I implemented the SSO extension, and it is working fine for others.

santoroj_1-1711569765179.png

From his device he is getting the below:

 

santoroj_0-1711569485605.png

All users also have the Windows Accounts extension for Chrome enforced on the devices.

Anyone else faced or facing this issue? 

Labels:
0 Kudos
11 REPLIES 11

sdagley
Esteemed Contributor II

a month ago

@santoroj Make sure the user is clicking "Always Allow" after entering their password. If they click Allow Chrome will prompt _every_ time it needs to access the certificate and that will happen often enough that it looks like the password was rejected.

0 Kudos

santoroj
New Contributor III

a month ago

@sdagley Thank you for the response and suggestion but unfortunately, it will not take any password, that is the issue here.  

0 Kudos

sdagley
Esteemed Contributor II
In response to santoroj

a month ago

@santoroj Do you mean that you can't type in the entry field for the password, or that it's not accepting the user's login password? If they are not clicking "Always Allow" it will look like the password wasn't accepted because the prompt is being repeated so quickly. If they _are_ clicking "Always Allow" and it's not accepting their login password you'll need to determine why the password for the user's login keychain doesn't match the password they use to log in and fix that.

0 Kudos

santoroj
New Contributor III
In response to sdagley

a month ago

@sdagley the user can enter the password, but it will not accept any password.  User has had the device for 2 weeks and only had 2 passwords, neither are working.  

0 Kudos

sdagley
Esteemed Contributor II
In response to santoroj

a month ago

To be absolutely clear, the user IS selecting "Always Allow" at that prompt?

If they are have them open the Keychain Access app (if they're running macOS Sonoma they may be offered the option to use System Settings instead, have them choose Keychain Access). In Keychain Access select the login keychain then My Certificates to verify the certificate can be accessed. If it's working there but not in Chrome I don't have any other suggestions for you. 

0 Kudos

santoroj
New Contributor III
In response to sdagley

a month ago

@sdagley Yes, always allow is the option being used.  They are on Sonoma, but because the password is not taking, there is no prompt to accept anything past entering the password and hitting "Always Allow". Thank you for your inputs, maybe someone else in the forum has been experiencing the issue.  

0 Kudos

sdagley
Esteemed Contributor II
In response to santoroj

a month ago

@santoroj My suggestion about opening Keychain Access isn't something you'd do after the password prompt in Chrome, just open the Keychain Access app. It will allow you to determine if the user's login keychain isn't being unlocked when the user logs in to the Mac because the login keychain password isn't in sync with the Mac's password.

santoroj
New Contributor III
In response to sdagley

a month ago

@sdagley gotcha, let me check this, issue is that I am thinking when you hit the save changes button it will prompt for the password and still we will face the issue where it does not take the password for it, but still we will try. 

0 Kudos

tsweat
New Contributor

3 weeks ago

@santoroj did you ever find a resolution? I believe I am stuck in the same do-loop.

0 Kudos

santoroj
New Contributor III
In response to tsweat

3 weeks ago

I have not yet found any solution

0 Kudos

AlexHoffman
New Contributor III

a week ago

The workplace join key is their Azure password, not their Mac password. If the user is using the right password and still not able to authenticate, it's most likely a keychain issue. You can reset the keychain with a terminal command: sudo fdesetup authrestart

This does not affect any passwords already in the keychain, just resets the authentication protocol. This will prompt for username and password (mac password) and will reset the keychain authentication. Then I would try the workplace join password again. If that doesn't work, unenroll from Azure and reenroll the mac. Also worth checking that the Mac complies with any Azure compliance policies set for your org. 

0 Kudos