23 thoughts on “Enabling web sign-in to Windows for usage with Temporary Access Pass”

  1. Is there a way to make password sign-in the default while having the web sign-in as an available option? In my testing, enabling web sign-in makes it the default. If you check the registry password sign-in is still the default but that is not the experience to the user. This may be a Windows 10 glitch. What is your experience with this?

    Reply
    • Hi George,
      I’m at least not seeing that behavior with newly deployed devices. I do know that there is a GPO setting (Assign a default credential provider) that could be used to set a default credential provider.
      Regards, Peter

      Reply
  2. Is there a way to use this now? If we configure this we always must logon with Temporary Access Pass otherwise the logon failed. In our scenario we want to use this with MFA (Pushnotifciation or SMS). That’s not possible any longer? Users wil get: Access Pass must be used for Web Sign In. Contact your admin to get an Access Pass.

    Reply
  3. Hi! Encountered this: AADSTS130506: Access Pass must be used for web sign in. Contact your admin to get an access pass. have been using web sign in as a option for a while now and all of a sudden when trying to log in with web sign in we suddenly get this error forcing TAP for web sign in. no clue as to why.

    Reply
  4. Hi Peter,

    I’m hoping you can help me / point me in the right direction.

    We were previously using Web Sign-In exclusinvely with passwordless for PC’s in Meeting Rooms and other Shared PC’s.

    With recent changes, Web Sign In has stopped working with Passwordless and now only works with Temporary Access Pass.

    This has broken ALL shared Win10 PC’s across our entire client base, requiring an urgent change of direction.

    If we are in a true passwordless environmment, how should we be targeting User authentication on shared Windows 10 devices that are used infrequently by Users?

    We’re in a sticky situation with this and currently issuing TAP’s to all Users until we identify and implement the solution.

    Any help would be greatly appreciated.

    Cheers
    David

    Reply
  5. hello,

    thanks for this explanation of TAP. I try to use in autopilot/intune scenario but they doesn’t works.

    It works after enrollement and intune deployement, but not just after the autopilot configuration.

    I’m on the loggin password text box and i have not the “sign in option”, even with a bad password.
    If i’m loggin, the intune deployment continue, if i lock the session, i have sign in option directly.

    i’m on win10 20h2
    no mfa on my user

    Reply
  6. Peter,
    I’ve tried setting it up, but i’m running into a problem when enrolling a new device.
    The first time logon screen works fine and asks for the TAP.
    The second time however we need to use the web sign-in function.
    The policy itself works fine, but new devices don’t receive the policy before the second login.
    Did you run into this issue and if so, how did you fix it?

    Thanks in advance

    Reply
  7. Hi Peter:

    Thank you for this article. It has been very helpful.

    We are able to use TAP using Web sign in after initial onboarding using Auto Pilot. However, the option to use TAP and web sign in logo do not appear as part of Auto Pilot.

    We are able to login using Security Key as part of the Autopilot.

    Is TAP supposed to work with Autopilot? We appreciate your help and expert guidance.

    Reply

Leave a Reply to Peter van der Woude Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.