Happy Friday! With the launch of our preview version of Active Authentication, it's been a fun week in the Active Directory team. But before we head out for Father's day BBQ's, I wanted to let you know about two additional changes we’ve made to our login UX that make it easier for users with multiple accounts or who work from a shared PC to sign in.
When we launched Office 365 two and a half years ago, our login page offered two login options: “Remember Me” and “Keep Me Signed In” (KMSI):
Here’s a picture of the old login page:
And here's the new one:
In the new design, we’ve removed the “Remember Me” checkbox and changed the behavior of the “KMSI” option to allow for more flexibility.
Checking “KMSI” will keep you signed in, even if you close and reopen your browser. And when you explicitly sign out, your account (but not your password) will still be remembered on the computer making it easier to sign in next time.
If you’re share a computer with co-workers or have multiple accounts that you use, the login page now makes it easy to work with multiple accounts by showing multiple user tiles for all the accounts that have logged in from a given PC.
To use this capability, simply check “KMSI” when you sign in. When you or a colleague subsequently signs in with a different user account, the login page will remember this account too, and present a list of accounts for this device and browser.
All you have to do is click on the badge icon and enter the associated password to log in.
Of course, if you’re using a public computer, we strongly recommend that you don’t check “KMSI” and that you sign out explicitly when you’re done!
You can also remove a user tile if you want by selecting it, then clicking “Forget this account”: at the bottom of the dialog:
The login page can remember and display up to 3 user accounts. We hope to figure out if this is a good number or we need to change based usage data from this preview and your feedback.
This feature is currently in public preview. To use it you need to turn it on by visiting our opt-in page.
Note: All the pictures in this post show the login experience for Office 365. If you are logging in to Windows Azure or Dynamics CRM or another applications integrated with Windows Azure AD, the login experience will be the same, but the property logo will be updated accordingly.
Have a great weekend!
Alex Simons (twitter: @Alex_A_Simons)
Director of Program Management
Does opt-in take time to apply to Azure AD? I opted in on Monday and it does not work for me...cleared cookies.
I assume you're talking about opting in to preview the Multiple User Tiles feature. This is instantaneous. To opt in, visit login.microsoftonline.com/optin.srf and click on the blue opt-in button. When you do this, we drop a cookie on your computer that tells Azure AD that it should remember more than one user account. Note that you need to opt in with the same browser you will be using to sign in, and that you need to check “keep me signed in” if you want your account to be remembered for future use. If you've cleared your cookies, you'll need to opt in again.
Let us know if you have any other question.
I am also unable to get this to work based I my understanding of this post. I have two O365 accounts I use (one corporate and one demo tenant). I can't even got to a sign-in screen for a second user if I selected the "KMSI" option. I performed the following steps:
1) Cleared all cookies in browser (just in case)
2) Opted-in to the multiple user option
3) Signed into corporate O365 account with "KMSI"
4) Attempt to browse to a second tenant.
After doing this, I am unable to get to demo tenant...it keeps trying to immediately sign me in to my corporate account and getting the error: "That didn't work"..."We're sorry, but firstname.lastname@example.org can't be found in the tenant.com directory. Please try again later, while we try to automatically fix this for you". "Click here to sign in with a different account to this site." just goes in an infinite loop signing the corporate account back in. Seems like "KMSI" locks that account signed in. Interestingly, it works in fins in Chrome...just not IE :(
The experience you describe is normal. The error message you describe is shown by SharePoint Online, which basically tells you that "User A" is not authorized to access "Tenant B". And clicking on the "sign in with a different account" should take you back to the login page.
Let's take a look at the infinite loop you're experiencing. Can you please reach out privately to AADLoginUXFeedback at Microsoft dot com?