Microsoft's Device Authentication Token and Issues with Multiple User Identities (i.e. UIC and UIUC)

Body

About the Microsoft Device Token

You may have noticed recently that when accessing some sites on the Internet (such as your bank's website), you are prompted by the application to decide whether or not you wish to save/remember your current device. Doing so means that you do not have to enter your credentials when accessing the site on that device. When saving such a device, a token file is created somewhere on your device.

Microsoft Authentication, which is now used for most applications at both UIC and UIUC (but not UIS), creates a similar device token. Microsoft does not prompt you to decide, however, creating a token without informing you. This token is valid for hundreds of applications such as Box, Google, etc., so you no longer have to enter credentials for any of these sites.

There are various ways that this Microsoft device token can be created:

1. Logging into a computer with an Active Directory account.

2. Logging into an Edge user profile.

3. Logging into some Microsoft applications.

Accessing applications at both UIC and UIUC (or other organizations) from the same device 

This device token works for ONE and only one identity. If you have accounts at both UIC and UIUC, you have TWO identities. The device token can therefore prevent you from accessing UIC or UIUC applications depending on the identity of your device token. If you wish to access applications at both UIC and UIUC from the same device, you will need to circumvent this device token. One way to do this is by accessing the application from a browser started in incognito mode. Another way that usually works is to use a different browser vendor for each campus. For instance, Chrome for UIC and Firefox for UIUC.

Note that the above applies to a user with two Microsoft Online identities at any two organizations anywhere in the world, not necessarily just UIC and UIUC.

Sample image of error when attempting to login with a device token from another organization

Token Interaction with Campus Discovery Service

Some UIC/UIUC applications (such as UofI Box), are fronted by what's called a Campus Discovery Service. If your Microsoft token is for one campus but your Discovery Service campus selection is set to a different campus, the application login will fail. You can reset your Discovery Service campus selection here: https://discovery.illinois.edu/discovery/DS

Details

Details

Article ID: 2669
Created
Wed 3/8/23 2:03 PM
Modified
Thu 8/3/23 4:04 PM