[ ] Bug
[X] Enhancement
[X] Office 365 / SharePoint Online
[ ] SharePoint 2016
[ ] SharePoint 2013
If SharePoint on-premises, what's exact CU version:
Currently, when passing -UseWebLogin in Connect-PnPOnline, it leverages the default user's credentials. When administering systems such as SPO, companies often implement an elevated access account process.
The existing implementation of the -UseWebLogin parameter doesn't allow you to pass a specific account.
When specifying -UseWebLogin, credentials are automatically passed depending on the environment configuration to SharePoint Online.
Implement AD FS in a federated scenario with O365. With accounts replicated from AD DS to AAD via AAD Connect, log in with a non-privileged account to O365 via your default browser while logged into your Windows desktop with the same account. Provided AD FS is configured properly, the authentication may silently occur using Windows Integrated Auth.
In the same Windows session, using the PnP cmdlet, run:
Connect-PnPOnline https://tenant-admin.sharepoint.com -UseWebLogin
Instead of allowing you to specify credentials on the popup, your Windows desktop credentials are passed instead which may lead to a 403.
I've the same error. Any updates please? Thanks!
I believe i am having a similar issue. any news?
I also have this issue when i have one credential and is saved using web login.
The -UseWebLogin should have also the -ClearTokenCache used with the -SPOManagementShell to clear and give the option to choose another account.
-SPOManagementShell should be the same - as it reuses the same adal app. As for -UseWebLogin it's stored in the IE cache and impossible to clear/control in Windows 10 :( I have really tried. Web login usually works fine as long as you never check "remember me" ever. Can this be closed now?
Thanks. I do believe this should just be the default behavior (to use ADAL) with the increasing number of deployments of MFA and strong recommendation by Microsoft to leverage MFA. It makes little sense to use classic credentials in any context with SPO, at this point.
Most helpful comment
Thanks. I do believe this should just be the default behavior (to use ADAL) with the increasing number of deployments of MFA and strong recommendation by Microsoft to leverage MFA. It makes little sense to use classic credentials in any context with SPO, at this point.