Autotask PSA: Authentication Error When Configuring Microsoft Outlook Extension

Follow

Issue

I am encountering an authentication error when configuring Microsoft Outlook Extension. I encounter this error even after correctly entering my credentials. 

Environment

  • Autotask PSA

Cause 

The most likely cause for this behavior is because the wrong Address is listed on the login tab of the Outlook Extension Options. When the tab opens, by default the URL is www.autotask.net, and not the user's zone-specific URL. The image below is intended to help better illustrate the issue:

2FA_Outlook.png

 

Resolution

Enter the address of the specific Autotask database. For example, ww3.autotask.net. Be sure to specify the correct Autotask zone, as indicated by the number following ww.

Using the Outlook Extension with 2-Factor Authentication and/or Single Sign-On

Ensure that the user has the most recent version of the Outlook Extension as older versions do not support 2FA / SSO.

2-FACTOR AUTHENTICATION

2-Factor Authentication, the user must enter the correct username and password on the initial setup, at which point they will be prompted for a one time password. For future sessions in Outlook, they will only be prompted for their 2FA token upon launching Outlook. By default, the one-time password is masked. To display the one-time password characters, click the show check box.

If the user does not enter the correct the URL to reflect their own zone-specific URL for Autotask and instead leaves the generic www.autotask.net, they will get an error message during authentication that states: The OTP token is invalid. Please enter a value and try again.

 

OTP_Token_Invalid.PNG

Note: This is expected behavior since the extension cannot properly exchange the 2FA token back to the generic URL. It must be configured with the customer's zone-specific URL.

SINGLE SIGN-ON 

If using Single Sign-On, the user must enter their correct username but can enter any value for the password field. The password is ignored when SSO is enabled and the window to authenticate through their Identity Provider will appear each time they open Outlook, similar to what occurs for 2FA.

Note: Similar to 2FA a user should ensure they have their zone-specific URL entered when configuring the extension. In addition, due to the way the pop-up window launches and the utilization to temporary cookies in that window for an SSO login flow, a user's browser settings for Internet Explorer must be configured exactly per our documentation. See Configure Your Browser Settings.

Additional Resources


Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Datto Community Forum or the Datto Community Online.

For more Business Management resources, see the Datto RMM Online Help and the Autotask PSA Online Help .

Still have questions? Get live help.

Datto Homepage