30 thoughts on “Enabling web sign-in to Windows for usage with Temporary Access Pass”

  1. Is there a way to make password sign-in the default while having the web sign-in as an available option? In my testing, enabling web sign-in makes it the default. If you check the registry, password sign-in is still the default, but that is not the experience for the user. This may be a Windows 10 glitch. What is your experience with this?

    • Hi George,
      I’m at least not seeing that behavior with newly deployed devices. I do know that there is a GPO setting (Assign a default credential provider) that could be used to set a default credential provider.
      Regards, Peter

  2. Is there a way to use this now? If we configure this, we always must log on with Temporary Access Pass, otherwise the logon fails. In our scenario we want to use this with MFA (push notification or SMS). That’s not possible any longer? Users will get: Access Pass must be used for Web Sign In. Contact your admin to get an Access Pass.

  3. Hi! Encountered this: AADSTS130506: Access Pass must be used for web sign in. Contact your admin to get an access pass. Have been using web sign in as an option for a while now, and all of a sudden when trying to log in with web sign in we suddenly get this error forcing TAP for web sign in. No clue as to why.

  4. Hi Peter,

    I’m hoping you can help me / point me in the right direction.

    We were previously using Web Sign-In exclusively with passwordless for PCs in Meeting Rooms and other Shared PCs.

    With recent changes, Web Sign In has stopped working with Passwordless and now only works with Temporary Access Pass.

    This has broken ALL shared Win10 PCs across our entire client base, requiring an urgent change of direction.

    If we are in a true passwordless environment, how should we be targeting User authentication on shared Windows 10 devices that are used infrequently by Users?

    We’re in a sticky situation with this and currently issuing TAPs to all Users until we identify and implement the solution.

    Any help would be greatly appreciated.

    Cheers
    David

  5. Hello,

    Thanks for this explanation of TAP. I try to use it in an Autopilot/Intune scenario but it doesn’t work.

    It works after enrollment and Intune deployment, but not just after the Autopilot configuration.

    I’m on the login password text box and I do not have the “sign in option”, even with a bad password.
    If I log in, the Intune deployment continues; if I lock the session, I have the sign in option directly.

    I’m on Win10 20H2
    No MFA on my user

  6. Peter,
    I’ve tried setting it up, but I’m running into a problem when enrolling a new device.
    The first time logon screen works fine and asks for the TAP.
    The second time however we need to use the web sign-in function.
    The policy itself works fine, but new devices don’t receive the policy before the second login.
    Did you run into this issue and if so, how did you fix it?

    Thanks in advance

  7. Hi Peter:

    Thank you for this article. It has been very helpful.

    We are able to use TAP using Web sign in after initial onboarding using Autopilot. However, the option to use TAP and the web sign in logo do not appear as part of Autopilot.

    We are able to login using Security Key as part of the Autopilot.

    Is TAP supposed to work with Autopilot? We appreciate your help and expert guidance.

      • Hi Peter:

        We have enabled TAP for all users. Here is what we are seeing.

        – TAP works for web app sign in
        – TAP works **AFTER** logging into Windows device for the first time.
        – TAP does NOT work while trying to login to the device for the first time.

        The only option we see is Security Key (which works) and Password based authentication. If it helps we are also using third party IdP with Azure AD tenant in a federated mode.

        Regards,

        Ashwin

        • Hi Ashwin,
          I don’t have recent experience with that combination. What I can do is run some tests after my vacation, to see what the current behavior is in an (Azure) AD only environment. Even in that scenario, the behavior has been on and off.
          Regards, Peter

  8. We have been testing this for a few months now, until today … a number of Users on different computers all of a sudden are unable to sign in with a “New User” login and no option to do anything on the device. The username behind this display name is DefaultUser100000. The only fix is to shut down and turn on again a number of times before getting the option for “Other User”, then signing in.
    I have seen a few reports that this is due to the Web Sign-in, but wanted to get others’ feedback on this.
