MacOS Computer: Troubleshooting Keychain Security Alert

Summary

This article provides steps to resolve a "Microsoft Workplace Join Key" security alert while accessing Microsoft Single Sign-on (SSO) services (such as Company Portal, Outlook, M365 apps, OneDrive, etc.) on a USNH-managed MacOS computer.

Body

Summary

This article provides steps to resolve a "Microsoft Workplace Join Key" security alert while accessing Microsoft Single Sign-on (SSO) services (such as Company Portal, Outlook, M365 apps, OneDrive, etc.) on a USNH-managed MacOS computer.  This article has steps to trust a certificate and adjust "allow" permissions so these services can sign on without error.

 

Environment

This issue has been reported on USNH-managed MacOS computers which have been migrated to Intune management.

 

Issue

You may receive a "Microsoft Workplace Join Key" security alert while accessing Microsoft Single Sign-on (SSO) services (such as Company Portal, Outlook, M365 apps, OneDrive, etc.) on a USNH-managed MacOS computer. The alert says something like "Google Chrome wants to access key 'Microsoft Workplace Join Key' in your keychain. To allow this, enter the 'login' keychain password." This image is an example of the alert:

browser "key access" security alert

 

Cause

This issue arises due to a misconfiguration in the keychain access settings for the "Microsoft Workplace Join Key". This can occur if the key's certificate is not trusted or if the access control for the key is not properly set to Allow the web browser to access it.  Ensuring the key is trusted and adjusting the access control to allow the web browser can resolve the problem.

 

Resolution

Task:  Adjust keychain access settings for Microsoft Workplace Join Key

Instructions

Step 1 - Quit out of any open web browsers on your MacOS computer.

Step 2 - Open the Keychain Access app and select "Open Keychain Access" from the prompt. 

Step 3 - Type in your MacOS account login password 

 

Trust the Certificate Issued by "MS-Organization-Access"

Step 4 - Click "login" on the left side under Default Keychains and "Certificates" at the top.

Keychain Access with "login" and "Certificates" selected, and "Issued by: MS-Organization-Access" highlighted

 

Step 5 - Find the certificate that is Issued by "MS-Organization-Access".

  • It's Name will look like a random string of letters and numbers.
  • Click on certificates one-by-one until you find one that says Issued by: MS-Organization-Access at the top.

Step 6 - In the list, double-click on the certificate that is Issued by: MS-Organization-Access.

Certificate list with certificate "Issued by: MS-Organization-Access" marked - Uploaded Image (Thumbnail)Click for full-size image

 

Step 7 - In the certificate pop-up, click the arrow to expand the "Trust" section. 

Step 8 - In the "When using this certificate" drop-down, select "Always Trust"

Trust section with "Always Trust" selected

 

Step 9 - Click the red dot to close the certificate window.

Step 10 - When prompted, enter your MacOS account login password to allow the change to the certificate.

 

Adjust Access Control for the "Microsoft Workplace Join Key"

Step 11 - Find the same certificate as in Step 5 above and click the arrow to the left of its name to expand the certificate.

Step 12 - Double-click on the "Microsoft Workplace Join Key" below the certificate.

Certificate expanded in list, with "Microsoft Workplace Join Key" marked - Uploaded Image (Thumbnail)Click for full-size image

 

Step 13 - Switch to the Access Control tab.

Step 14 - Select "Allow all applications to access this item".

Step 15 - Click Save Changes.

Access Control tab with "Allow all applications to access this item" marked

 

Step 16 - When prompted, enter your MacOS account login password to allow the change to your keychain.

Step 17 - Close the Keychain Access window.

Step 18 - Go back to the resource that was giving you the keychain issue and try to access it again. 

Step 19 - This time when you get the "Microsoft Workplace Join Key" prompt, enter your MacOS account login password and select "Always Allow" (do NOT press Enter key).

Browser access key permission pop-up with "Always Allow" selected

 

Outcome

You should now be able to access the M365 resources you need on your USNH-Managed MacOS computer without getting this security alert.

 

Further Readings

MacOS Computer: Intune Migration for USNH Managed MacOS Computers

 

Need additional help?

If these steps don't work or you need help with them, feel free to bring your computer to one of our walk-up locations.  We recommend making a walk-up appointment so we can prepare for your visit, but an appointment is not required. Alternatively, you can book a remote support session with one of our technicians.

To submit a support request ticket, please fill out the Computer and Device Support webform with as much detail as possible (screenshots welcome!), or contact the Technology Help Desk team on your local campus. For password issues you must call or visit the Help Desk in person.

 

Details

Details

Article ID: 5460
Created
Fri 4/3/26 5:39 PM
Modified
Tue 4/7/26 9:40 AM
Applicable Institution(s):
Keene State College (KSC)
Plymouth State University (PSU)
University of New Hampshire (UNH)
USNH System Office