M365 Consultant Lifehack: KeePass Auto-Type for AAD Login-Prompts

Quick one today 🏃‍♂️

When you work on multiple tenants, you’ll probably have to manage a whole lot of different logins. Now – as this is just a quick lifehack – let’s not go into why you should be using a password manager; I’ll assume that you know that already.

This post looks at how to improve the experience when using KeePass to manage your accounts.

Why KeePass?

For my everyday work, it is perfect to be able to create a different database for every customer and store service-account credentials, logins and/or other sensitive information in one place. I can then store the file in SharePoint or OneDrive to be able to access it from anywhere.

You can take a look at KeePass and download it for free here: https://keepass.info/
KeePass is distributed under the GNU General Public License version 2 or later.
(I’m in no way associated with KeePass.)

Auto-Type

KeePass has a super helpful feature called “Auto-Type”: You can have it automatically type your username and password into a login form by pressing Ctrl + V.

Why is typing it in so cool? Well, mostly because it also works through a remote connection!

This has saved me from severe headaches in many a SharePoint migration…

The challenge

KeePass Auto-Type is designed for Windows system dialogs, so it does the following:

  1. <Username>
  2. [TAB]
  3. <Password>
  4. [ENTER]

Wonderful for local and domain accounts – not suitable for AAD login prompts.

The AAD login prompt

The TAB-order on an AAD prompt looks different:

  1. TAB takes you to the link to create a new account.
  2. TAB takes you to the link to reset your access.
  3. TAB takes you to the “Next” button – this is where we want to go.

So if you use Auto-Type
-> the username is entered correctly
-> the focus jumps to the first link
-> the password is typed into Nirvana
-> the link to create a new account is clicked
Not ideal.

Screenshot of an AAD login prompt showing the TAB order described in this paragraph.

The solution

Luckily, KeePass allows us to set a custom Auto-Type sequence for every entry! This is the guide for doing it in KeePass 2 – if you’re on an older version: why?
I’ve tried the following sequence and it works like a charm:

{USERNAME}{TAB}{TAB}{TAB}{ENTER}{DELAY 2000}{PASSWORD}{TAB}{TAB}{ENTER}

This new sequence will
-> enter the username
-> jump to the first link
-> jump to the second link
-> jump to the “Next” button and click it
-> wait for 2 seconds to allow AAD to go to the next login step
-> enter the password
-> jump to first link
-> jump to the “Sign in” button and click it
Ideal.
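
A small model of the two sequences, added here as an illustration (not part of the original post and not KeePass code): it replays an Auto-Type sequence against the tab order described above and reports which element has focus when each placeholder is typed. The element names and the load_ms page-switch time are assumptions of the model.

```python
import re

# Tab order as described in the post; the element names are made up for this model.
USERNAME_PAGE = ["username_field", "create_account_link", "reset_access_link", "next_button"]
PASSWORD_PAGE = ["password_field", "first_link", "sign_in_button"]

DEFAULT_SEQ = "{USERNAME}{TAB}{PASSWORD}{ENTER}"
AAD_SEQ = "{USERNAME}{TAB}{TAB}{TAB}{ENTER}{DELAY 2000}{PASSWORD}{TAB}{TAB}{ENTER}"


def simulate(sequence, load_ms=1000):
    """Replay a sequence; return (placeholder, focused element) events.

    load_ms is an assumed time for the prompt to switch to the password step
    after "Next" is activated. Keystrokes are treated as instantaneous.
    """
    page, focus, clock, ready_at = USERNAME_PAGE, 0, 0, None
    events = []
    for token in re.findall(r"\{([^}]+)\}", sequence):
        # Complete a pending page switch once the simulated clock has passed it.
        if ready_at is not None and clock >= ready_at:
            page, focus, ready_at = PASSWORD_PAGE, 0, None
        name, _, arg = token.partition(" ")
        if name == "DELAY":
            clock += int(arg)
        elif name == "TAB":
            focus = (focus + 1) % len(page)  # simplification: focus wraps around
        elif name == "ENTER":
            events.append(("ENTER", page[focus]))
            if page[focus] == "next_button":
                ready_at = clock + load_ms
        elif name in ("USERNAME", "PASSWORD"):
            events.append((name, page[focus]))
        else:
            raise ValueError(f"unsupported placeholder: {{{token}}}")
    return events


def password_target(sequence, load_ms=1000):
    """Name of the element that had focus when {PASSWORD} was typed."""
    return next(el for key, el in simulate(sequence, load_ms) if key == "PASSWORD")


if __name__ == "__main__":
    for label, seq in (("default", DEFAULT_SEQ), ("custom", AAD_SEQ)):
        print(label, simulate(seq))
    print("slow page:", password_target(AAD_SEQ, load_ms=3000))
```

With load_ms above the 2000 ms delay, the model reports the password being typed while the “Next” button still has focus, so on slow connections the {DELAY} value is the part to increase.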

To set it up like this, follow these steps:

  1. Right click your entry.
  2. Click “Edit entry”.
  3. Switch to the “Auto-Type” tab.
  4. Select “Override default sequence:”.
  5. Enter the sequence described above.
  6. Select “OK”.

Screenshot of the KeePass "Edit Entry" screen on the "Auto-Type" tab. Numbers indicate the steps described in this paragraph.

The result

GIF showing the username and password being auto-typed into an AAD login prompt in the correct sequence.

Questions?

If anything is unclear or you are interested in one of the things I left out here, let me know. You might be just the motivation I need to write another article 😉

I’m going to be honest – comments on blogs are not really on my radar usually. I’d recommend trying Twitter: @considerITman
