Matt Huff

Outlook 2016 spinning "signing in" to O365 with DesktopSSO/IWA enabled (SSL also enabled)

We have a sporadic occurrence that certain users will occasionally see a "signing in" box that gets stuck when launching Outlook 2016. SSL has been enabled on our IWA server. Testing the URL https://DESKTOPSSO/IWA seems to work as intended from the client machines in question. One thing is that it seems to happen more often over a VPN connection, where the user is remote and our DesktopSSO IWA server is local. I have increased the timeout in the IWA app, but it didn't seem to have an effect.

The only way to allow the user to sign in using Outlook in these situations is to turn off IWA temporarily from our Okta settings, and then re-enable it once their Outlook has connected. This doesn't seem like a sustainable approach. A few other observations: a review of the firewall logs shows that the user's laptop is not initiating any communication at the moment Outlook is stuck at "signing in." Nothing is being blocked as far as I can tell. The Outlook client never times out and will stay stuck at signing in forever unless we disable Desktop SSO temporarily. After turning off Desktop SSO/IWA, the forms-based Okta sign-in page will appear, and Outlook will authenticate.

I'd love to get this solved. Are there any suggestions that will prevent Outlook 2016 from getting perpetually stuck in the "sign in" phase?

Bogdan Andrisan (Okta, Inc.)
Hello Matt,

This could generally occur because of a communication issue. Based on your tests it could be at the IWA level, so did you also check if restarting the IWA service helps?
Also, if you have multiple IWA Apps, could you check if this occurs on any Application?
If these tests also do not help, I would recommend opening a ticket with Support to further investigate this behavior.

Thank you,
Bogdan Andrisan
Matt Huff
Yes to the restart of IWA. It is only one app, Office 365, specifically Outlook 2016. Browser sessions to the Office 365 browser apps work fine. It's confined to just Outlook 2016 being stuck on the "signing in" popup screen (with a spinning circle). Unfortunately, when the issue occurs, people are waiting for their Outlook to work so they can use email, so I typically just turn off the Desktop SSO temporarily, which will let Outlook authenticate via the Okta web form, and then I'll turn Desktop SSO back on after the stuck Outlook has connected. Since it's sporadic, and not easily replicated, I don't know how to have support assist (it doesn't do it all the time). I guess I'll just keep doing my workaround of temporarily turning off Desktop SSO on the Okta settings, and then turning it back on. If it becomes too much of a consistent issue, I'll contact support again.


kyle c

We are also seeing this issue. As a workaround we've had to disable modern auth (internal only) for the handful of users reporting this behavior.

Disable ADAL - [HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL] - REG_DWORD "0"

Likewise with Matt, we seem to be isolated to the Outlook app, and OWA works as expected.

Jeff Doe
The workaround worked for us; however, has Okta support added any new comments on this? We are experiencing the same issue.

kyle c
We ended up hearing from MS to apply the following registry key to avoid MS WAM. Supposedly this known error should be resolved in an upcoming hotfix, but until then, the following registry key mitigates the issue and still maintains ADAL.

[HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\DisableADALatopWAMOverride] - REG_DWORD "1"
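
Both workarounds in this thread are per-user registry values that tend to stay in place after the hotfix ships, and the first one turns modern auth off for that user. The following audit script is an added example, not code from any poster, Okta or Microsoft; it lists which loaded user profiles on a machine carry either value so they can be tracked and later removed. The function name and the `Finding` wording are assumptions of this example, only hives of logged-on users are visible, and reading other users' hives requires an elevated session.

```powershell
# Added example: inventory the two Office 16.0 identity workarounds from this
# thread across every user hive currently loaded under HKEY_USERS.
$relKey = 'SOFTWARE\Microsoft\Office\16.0\Common\Identity'
$names  = 'EnableADAL', 'DisableADALatopWAMOverride'

function Get-OfficeIdentityWorkaround {   # hypothetical helper name
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        # Keep real user SIDs only; this skips .DEFAULT, service SIDs and *_Classes.
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            $sid   = $_.PSChildName
            $path  = "Registry::HKEY_USERS\$sid\$relKey"
            $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue

            $row = [ordered]@{ Sid = $sid }
            foreach ($n in $names) {
                # $null means the value (or the whole key) is absent for this user.
                $row[$n] = if ($props) { $props.$n } else { $null }
            }

            # Interpretation follows the thread: EnableADAL=0 is the
            # "disable modern auth" workaround; DisableADALatopWAMOverride=1
            # is the later one that avoids WAM and keeps ADAL.
            $row['Finding'] =
                if ($row.EnableADAL -eq 0) {
                    'Modern auth (ADAL) disabled: review and revert first'
                } elseif ($row.DisableADALatopWAMOverride -eq 1) {
                    'WAM override set, ADAL kept: remove after hotfix'
                } else {
                    'No workaround values set'
                }
            [pscustomobject]$row
        }
}

# Show only profiles that still carry one of the workarounds.
Get-OfficeIdentityWorkaround |
    Where-Object { $_.Finding -ne 'No workaround values set' } |
    Format-Table -AutoSize
```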