locked
Question: Checkbox User must change password at next logon (internal login SSO): ADFS error message: ERR_ACCESS_DENIED RRS feed

  • Question

  • Hi,

    I have an issue at a customer and I haven't been able to find answers on Google.

    When a user logs on to O365 they will log in without a prompt due to SSO.

    When we enable the checkbox "User must change password at next logon" in Active Directory the use will not be able to log on, and in stead gets an ERR_ACCESS_DENIED on the internal network.

    If he tries it from outside the organization network, he is re-directed to the Reset your password page.

    Because of this, I assume that SSO tries to log in immediately, but because the user must first change his password before he can log in, he sees an error message.

    Unfortunately I don't find anything about this on the internet, are there other system administrators who have also encountered this?

    Monday, June 3, 2019 8:11 AM

All replies

  • The Password Update page is intended solely for external users (users going though WAP).

    If users have SSO, it means they are domain-joined. If there are domain-joined, the proper way to update the password is either to log-out and log-in again OR hit CTRL-ALT-DEL and pick Update password.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, June 3, 2019 1:49 PM
  • That's the solution to this?
    Monday, June 3, 2019 1:56 PM
  • That's nor really a solution. That's how its works. You are not supposed to mark a user with an expired password while its session is opened. It's really not an ADFS problem at this stage, your user ask for a ticket for ADFS and you got an auth error.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, June 3, 2019 4:40 PM