Thursday, July 6, 2017

"Sorry, another account from your organization is already signed in on this computer" - SharePoint Online | Office Apps

OVERVIEW

This issue first popped up in my business' tenant. My office staff were losing their minds and of course not happy with the IT department (okay, me). I have since seen this issue multiple times in my own business as well as my clients.

Inevitably the issue is raised as a SharePoint issue (stupid SharePoint!), something along the lines of:
"I cannot open any SharePoint documents! I get access denied!"
Well..., not so fast. This time, SharePoint is not the issue (yeah, I know, I first, right?) The issue resides with Office 2013(+) apps (whichever version).

In Office 2013(+) apps, you can access Office 365 content in SharePoint Online by providing your Office 365 user ID and password. If you have multiple Office 365 user IDs from different organizations, you can access content from the SharePoint Online deployments of each organization.

However, Office 2013(+) only supports signing in one Office 365 user from each tenant or organization per session.

Office 2013(+) makes a best effort to prevent a user from signing in when another user from the same organization is already signed in. However, there may be cases in which this scenario is not detected, and Office 2013(+) user interface may show that another user is successfully signed in. In this case, the second user cannot access his or her own content. All Office 365 content that he or she tries to open will be performed by using the first user’s credentials.

Be aware that Office 2013(+) respects the permissions of all documents and SharePoint Online libraries. That is, if the first user doesn’t have access to a document that the second user has access to, and the second user (who thinks he or she is signed in) tries to open that document, the document will not open because Office tries to open the document as the first user.

To fix this scenario, the signed-in user can sign out of Office 2013(+), and then restart his or her computer. Doing this makes sure that a clean state is present when the other user tries to sign in again.

PROBLEM

When you try to sign in to an Office 2013(+) app by using your Office 365 user ID and password, you receive the following error message:
"Sorry, another account from your organization is already signed in on this computer."
This behavior is expected. It occurs if you are already signed in to Office 2013(+) by using a different Office 365 user account in the same organization.

WORKAROUND

This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.

Note: I do not recommend this workaround because some account settings may be lost. Additionally, I have fixed this issue for more than a dozen people without touching the registry (step 3), fwiw.

To work around this behavior, remove the existing user account and all connected services from your Office 2013(+) profile, and clear cached credentials that may be on the computer.

Step 1
  1. Remove the user account from your Office 2013(+) profile
  2. In the upper-right corner of the Office 2013(+) app, click your name, and then click Switch Account.
  3. On the Accounts screen, click Sign out.
  4. Locate the account that you want to remove, and then click Sign out.
Step 2
Remove connected services from your Office 2013(+) profile
  1. Go to File, and then click Account.
  2. Under Connected Services, remove all the services for the existing account.
Step 3 (see warning above)
Clear cached credentials on the computer
  • Edit the registry to remove cached credentials. To do this, follow these steps:
    1. Click Start, click Run, type regedit, and then click OK.
    2. In Registry Editor, locate the following registry subkey: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity\Identities
    3. Select the Office account that you want to delete, and then click Delete.
    4. In the Identity subkey, locate Profiles, right-click the same Office account that you deleted in step A3 of this procedure, and then click Delete.
    5. Exit Registry Editor.
  • Remove the cached credentials in Credentials Manager. To do this, follow these steps:
    1. Open Control Panel, and then click Credentials Manager.
    2. Under Generic Credentials, locate the account that you want to remove, and then click Remove.
    3. Log off, and then log on to the computer.