Better handling of logins for login.microsoftonline.com -- autofill behaviour: starts with?

ShadowXVII
ShadowXVII
Community Member
edited June 2023 in 1Password in the Browser

As more and more people use Authentication services like Azure AD, we end up with logins for various different Tenants that all log-in via the login.microsoftonline.com domain.

The identifier in the URL is the tenant ID which follows the https://login.microsoftonline.com/<tenantid> convention. The tenant ID doesn't always have to be a GUID either -- it may be a text domain which is supported also. /common/ is used for generic Microsoft accounts.

For example these two tenants might have two different logins (I've generated random GUIDs):

  • https://login.microsoftonline.com/e81aa1a1-24b7-450f-bfd9-ed522e1c041c/other-paths/?and-query=strings
  • https://login.microsoftonline.com/9f68a234-747c-43a8-8260-49fcba945d18/other-paths/?and-query=strings

The login for Tenant e81aa1a1-24b7-450f-bfd9-ed522e1c041c might be user1@somedomain.com
The login for Tenant 9f68a234-747c-43a8-8260-49fcba945d18 might be userY@anotherdomain.com

The issue

In a vault with 100 different logins for various tenants, on any given login scenario the list of auto-fill options presented by 1Password is:

  1. Really long making it difficult to find the correct entry
  2. Shows entries that won't work in the login form

In the login we could set the website to be https://login.microsoftonline.com/ however as it doesn't vary by domain or sub-domain the filtering and auto-fill components don't apply here.

Possible solutions?

I'm thinking of solutions which could either be to:

  1. Add some sort of specific handling for login.microsoftonline.com to respect the Tenant ID (if supplied) in the website.
  2. The more "universal" solution would be a new **auto-fill behaviour option to require it to "start with**" the URL (not just the domain options). That way only entries for a given tenant should be shown when logging into https://login.microsoftonline.com/

Anyway, that's the issue -- open to ideas on how to solve it, but I feel like there's a gap without a "starts with" autofill behaviour.

Regards,
Jake

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows
Browser:_ Chrome

Comments

  • Joy_1P
    Joy_1P
    1Password Alumni
    edited June 2023

    Hey @ShadowXVII, sorry for the delay in responding. It sounds like you might be able to make use of 1Password's USO feature, which saves, remembers, and fill logins in your browser when you sign in to websites with providers like Microsoft and Google: https://support.1password.com/sign-in-with-provider/

    That said, I'd like to ask a few questions to better understand how you're trying to use 1Password and to provide better guidance:

    • Could you let me know why the logins for various tenants are all stored in a single vault? Why doesn't each tenant have their own account or vault that only they can access? I may be reading this incorrectly, or I might be misunderstanding. If you can provide some context, that would be great.

    • Could you point us to a form on which one of your logins are suggested but do not work? Would the USO feature help with it?

    Let's start there. I look forward to hearing from you again.

This discussion has been closed.