NOTE: Information good as of 8/25/2015 and is subject to change!
When trying to sign in with any of the desktop apps, you may encounter an error when you are using Active Directory Federated Services in combination with Azure Active Directory.
This could include the following items.
- Mobile Apps (iOS, Android, Windows)
- Power BI Desktop when using Organizational account
- Analysis Services Connector
- Personal Gateway
You will encounter errors similar to the following.
This can happen if you are not allowing Forms Authentication from an internal perspective within your ADFS configuration.
NOTE: With either ADFS 3.0 or 2.0, they could be in a Web Farm with multiple ADFS Servers. You will need to make this change on all servers within the Farm.
If you are using ADFS 3.0, you will want to open the ADFS Snap-in and click on the Authentication Policies folder within the left navigation.
Under the Actions on the right hand side, click on Edit Global Primary Authentication.
Then make sure that Forms Authentication is selected and click OK.
You will need to restart the ADFS Services, and/or the machine.
For ADFS 2.0, you can follow these steps to change the Authentication Modes within IIS.
AD FS 2.0: How to Change the Local Authentication Typehttp://social.technet.microsoft.com/wiki/contents/articles/1600.ad-fs-2-0-how-to-change-the-local-authentication-type.aspx
After these changes are done, the Power BI Client applications should allow you to log in successfully. If that didn’t correct the issue, you may be encountering something else. Or, make sure you applied these changes to all of the services in the ADFS farm if there is more than one.