Failed to obtain access token

Problem

When you are trying to log in to KONNEKT you get the error message "Failed to obtain access token".

Cause

KONNEKT does not support having "Excluded Apps" in a MFA-requiring Microsoft Entra (Azure AD) Conditional Access policy in combination with a non-SSO Windows session.

Workaround

Our recommended workaround is to enable the Windows machine for holding a Primary Refresh Token (PRT) e.g. by Entra Join (AAD Join) or Register. Please see here for details.

Other alternatives are (not really recommended):

Remove MFA requirement from the corresponding Conditional Access Policy. To keep some security for CA policies without MFA, you could enforce Trusted Locations (e.g. public IP addresses of your VDI hosts)

use a Conditional Access Policy without "Excluded Apps". Please also see Conditional Access configuration.

Solution

A solution was implemented in KONNEKT version 2.10 - "Enhanced OAuth".

PreviousFailed to obtain access token to your OneDrive account NextAdd Share: "Key not found"

Last updated 3 months ago