We had issues where federated users were continually prompted for their username and password when trying to sync their OneDrive for Business account. Even if you typed the password correctly, authentication still failed. We were directed to this KB Article.
Our specific problem was resolved by disabling Extended Protection for Authentication, which can be completed via PowerShell.
To disable Extended Protection for Authentication for active clients, perform the following procedure on the primary AD FS server:
- Open Windows PowerShell.
- Run the following command to load the Windows PowerShell for AD FS snap-in:
    Add-PsSnapIn Microsoft.Adfs.Powershell
- Run the following command to disable Extended Protection for Authentication:
    Set-ADFSProperties -ExtendedProtectionTokenCheck "None"
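
An added example, not part of the original post: the same change wrapped so that the previous ExtendedProtectionTokenCheck value is logged before it is changed and the new value is read back afterwards, which makes it straightforward to restore the setting later. It assumes an elevated session on the primary AD FS server; the log path is a hypothetical placeholder, and the fallback to Import-Module ADFS covers Windows Server 2012 and later, where the cmdlets ship as a module instead of a snap-in.

```powershell
# Added example, not from the original post. Run on the primary AD FS server
# in an elevated session. The log path below is a hypothetical placeholder.
param(
    [ValidateSet('Require', 'Allow', 'None')]
    [string]$Target = 'None',
    [string]$LogPath = 'C:\Temp\adfs-epa-change.log'   # hypothetical path
)

$ErrorActionPreference = 'Stop'

# AD FS 2.0 ships its cmdlets as a snap-in; Windows Server 2012 and later
# ship them as the ADFS module. Load whichever is present.
if (Get-PSSnapin -Registered -Name Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue) {
    Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
} else {
    Import-Module ADFS
}

# Record the current value so the change can be reverted later.
$before = (Get-ADFSProperties).ExtendedProtectionTokenCheck
$stamp  = Get-Date -Format o
Add-Content -Path $LogPath -Value "$stamp $env:COMPUTERNAME ExtendedProtectionTokenCheck previous=$before target=$Target"

if ("$before" -eq $Target) {
    Write-Output "ExtendedProtectionTokenCheck is already '$Target'; nothing to change."
    return
}

Set-ADFSProperties -ExtendedProtectionTokenCheck $Target

# Read the value back rather than trusting that the Set call took effect.
$after = (Get-ADFSProperties).ExtendedProtectionTokenCheck
if ("$after" -ne $Target) {
    throw "Expected '$Target' but AD FS reports '$after'."
}
Write-Output "ExtendedProtectionTokenCheck: '$before' -> '$after' (previous value logged to $LogPath)"
```

To restore the earlier setting, run the script again with -Target set to the previous value recorded in the log.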