
Version 2.34 Breaks Secondary Account Use Authentication UX #3481

@nkasco


Describe the bug

With forced use of WAM the logon experience for those who rely on dedicated secondary Service Administrator accounts for administrative actions is significantly hindered. This is because the secondary account is (intentionally) not registered to the caller's device, and as such the only way to log in is to put in full explicit login credentials, including email and password + MFA, each time.

Expected behavior

WAM was fine as an optional feature for those who desired it, but to force it upon users will simply lead to less adoption of new versions, or manual writing/adoption of non-MS modules, both of which may lead to inadvertent security vulnerabilities.

WAM can be the default, but should not be mandatory. Maintaining the prior delegated authentication auth code method also allows for Passkey authentication use with the secondary account.

How to reproduce

Auth with 2.34 using a secondary account not registered/cached on the calling device.

SDK Version

2.34

Latest version known to work for scenario above?

2.33

Known Workarounds

No response



Configuration

No response

Other information

No response
