Hello,
We've set up our Office 365 to be federated with the Workspace ONE Access environment.
Now we've started with Autopilot to enroll Windows devices in WSO UEM. The enrollment succeeded, but now I can't log in to the device anymore with my Azure credentials, only with the Windows Hello PIN I set up during OOBE.
In the logging of WSO Access I see this:
{
  "baseType" : "Action",
  "uuid" : "3c102767-cdb0-49ca-964b-04e904eecc79",
  "timestamp" : 1643295393441,
  "organizationId" : null,
  "tenantId" : "****",
  "actorId" : null,
  "actorUserName" : "m*****.v****",
  "actorDomain" : "******",
  "actorUuid" : null,
  "clientId" : null,
  "deviceId" : null,
  "workspaceId" : null,
  "sourceIp" : "213.10.",
  "objectType" : "LOGIN",
  "objectId" : null,
  "objectName" : null,
  "values" : {
    "deviceType" : null,
    "soapaction" : "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue",
    "userAgent" : "Windows-AzureAD-Authentication-Provider/1.0",
    "authMethods" : "Password",
    "xRealIp" : "10.20.30.113",
    "xForwardedProto" : "https",
    "success" : "false",
    "host" : "stichting-*******.vmwareidentity.eu",
    "xForwardedFor" : "213.10., 10.20.30.113, 10.20.22.170",
    "xMsClientApplication" : "Windows-AzureAD-Authentication-Provider/1.0",
    "actorExternalId" : null,
    "failureMessage" : "subscription.not.found",
    "xForwardedPort" : "443"
  }
}
How can I resolve this?
Thanks in advance for any reply.
Please try adding the below custom claim rule to your ADFS RP...
NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application", Value =~ "(Windows-AzureAD-Authentication-Provider)"])
=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
         Value = "http://schemas.microsoft.com/claims/multipleauthn");
Thanks for your reply, but why on the ADFS? The ADFS isn't used.
Did you get this issue solved? We are facing the same problem.