Azure AD Cloud-only Authentication Expected Experience

Last updated: February 1, 2023
Audience: All UW

This description represents via words and pictures what an uw.edu Azure AD user can expect to experience at sign-in.

Step 1: The Microsoft sign-in page.

https://login.microsoftonline.com should be the URL of the Microsoft sign-in page.

You should enter your user principal name (UPN), e.g. pottery@uw.edu.

Important: The "Can't access your account?" link in this Microsoft interface is non-functional for UW Microsoft accounts. Clicking it will result in a "Get back into your account" page which will not be constructive. To recover your account, use the UW NetID system.

Note: you may be asked to choose a work/school account or personal account immediately after step 1. SeeĀ /tools-services-support/it-systems-infrastructure/msinf/other-help/faq/aad-terms/#accountTypes for more info.

Step 2: Enter password in Microsoft sign-in page

The Microsoft sign-in page detects your @uw.edu UPN and reacts by giving you the appropriate UW authentication experience. You will need to enter your password in the Microsoft sign-in page, as shown below:

Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom.

You enter your UW NetID password into the password field.

Important: The "Forgot my password" link in this Microsoft interface is non-functional for UW Microsoft accounts. Clicking it will result in a "Get back into your account" page which will not be constructive. To recover your account, use the UW NetID system.

Step 3: Duo 2FA challenge (may not be required)

Assuming you entered a valid password, if 2FA is required, you’ll be directed to a Duo 2FA page https://us.azureauth.duosecurity.com/authorization as shown here:

This page is slightly different than the Duo 2FA experience from the UW Shibboleth identity provider. Note the UW logo. You should see the same authentication methods that you have enrolled in via https://identity.uw.edu. The default method should fire automatically, but you can manually pick any of the methods listed.

Note: This screen will only show the last 4 digits of any phone number used as an authentication method. For privacy purposes, we’ve blurred these in the screenshot above.

Step 4: Stay signed in (SSI)

After you’ve successfully passed the Duo 2FA challenge (or just the password challenge, if 2FA wasn’t required), you should be redirected to the following page, with a question about whether you want to stay signed in:

Note the UW logo at the top, the UPN you entered in step 1, and the UW-specific help text at the bottom.

You can select either option. If using a public or shared computer, such as a kiosk, you should choose No.

After selection, you should be redirected to the application that started the Azure AD sign-in process.