Known Issue: macOS Keychain - wants to sign using key "Microsoft Workplace Join Key" from your keychain

Issue: When accessing any Microsoft SSO service (Brightspace, Company Portal, Outlook) on a registered macOS device, users might in some cases encounter a Microsoft Workplace Join Key error. The image below is an example of the issue:

MacOS Device Certificate when using Conditional Access Policy - Microsoft Q&A

Cause: This issue arises from a misconfiguration in the Keychain Access settings for the "Microsoft Workplace Join Key." It can occur if the keychain entry is not trusted or if the access control list (ACL) for the key is not set to allow Google Chrome to access it. Ensuring the key is trusted and adjusting the ACL to permit Chrome can resolve the problem.

Solution: Here are the steps to resolve this issue:

1) Double-click on the certificate.

2) When the password prompt appears, click on the '?' button.

3) Once the macOS User Guide page opens, select the 'Open Keychain Access for me' link.

4) Select 'Open Keychain Access', enter your Mac password, and then choose 'System' under 'System Keychain' on the side menu.

5) Search for the certificate name using the search bar at the top right. The name should match the subject name shown in the browser's 'Select a certificate' pop-up.

6) Once you click on the correct certificate, select the 'Trust' drop-down and then change 'Use System Defaults' to 'Always Trust'.

NOTE: The MS-Organization-Access certificate is issued by Azure AD and is used to authenticate and manage devices that are joined/registered to an organization's network. It helps ensure secure access to organizational resources by validating the device's identity. When you change the Trust setting to "Always Trust" for a certificate in Keychain Access, you acknowledge that your Mac will automatically trust that certificate (MS-Organization-Access) for all users without prompting you for approval. For more information, view the Apple user guide here: Change certificate trust policies on Mac - Apple Support (CA)

7) After changing the Trust option, close the certificate information, which will prompt you to sign in. Enter your Mac password and choose 'Update Settings'.

8) You can now close the Keychain Access program, open a new tab in your browser, and try the webpage that was having the keychain issue again.

9) When you get the prompt again, this time enter your device password and then select 'Always Allow'.

You should now be able to access the webpage.

If the steps above do not work, please reach out to the IT Service Desk or submit a ticket here: Help & Support | Information Technology Services