From your description, it seems that Office applications on your Mac keep requesting keychain access after you update your MacOS to Catalina. For example, 'Microsoft Word wants to use your confidential Information stored in 'Microsoft Identity xxxxxxxx-xxxxxxx-xxxx-xxxxxx' in your keychain.
Select the login keychain entry in the top left navigator pane, then from the File menu, choose Lock Keychain 'login'. Launch any Office app, such as Word. You'll receive a prompt requesting permissions to access the keychain. Enter your Mac admin account password and click OK. Resetting Keychain Access on a Mac may cause a lot of confusion for some users. The reason is that the keychain password and the user account password to log in to your Mac might be different. Per request from our users, we’ve decided to write a detailed guide on how to reset your Apple keychain if you’ve forgotten it. Open Keychain Access. In the Finder window, under Favorites, click Applications, click Utilities and then double-click Keychain Access. In the Keychain Access toolbar, click File Import Items. In the Keychain Access window, in the Destination Keychain drop-down list, select System. Go to ApplicationsUtilities and launch Keychain Access. Click on the Keychain Access menu and choose Preferences. Press Reset My Default Keychains. Keychain Access will now create new empty login and iCloud keychains, which will be given the same password as your user account. Finally, add Keychain. In Keychain Access, go to the File menu.
-->Symptoms
In Microsoft Outlook 2016 for Mac, you are repeatedly prompted for authentication while you're connected to your Office 365 account.
Cause
This issue occurs because of the presence of duplicate tokens in the keychain.
Resolution
To resolve this issue in Outlook 2016 for Mac, install the February 2017 Outlook update (version 15.31.0) from the following Office website:
How To Access Keychain Macbook
Workaround
To work around this issue, delete any cached passwords for your account, and also delete any modern authentication tokens from the keychain. To do this, follow these steps.
Note
These steps affect all Office applications that use modern authentication.
Keychain Access Mac Password
Quit Outlook and all other Office applications.
Start Keychain Access by using one of the following methods:
- Select the Finder application, click Utilities on the Go menu, and then double-click Keychain Access.
- In Spotlight Search, type Keychain Access, and then double-click Keychain Access in the search results.
In the search field in Keychain Access, enter Exchange.
In the search results, select each item to view the Account that's listed at the top, and then press Delete. Repeat this step to delete all items for your Exchange account.
In the search field, enter adal.
Select all items whose type is MicrosoftOffice15_2_Data:ADAL:<GUID>, and then press Delete.
In the search field, enter office.
Select the items that are named Microsoft Office Identities Cache 2 and Microsoft Office Identities Settings 2, and then press Delete.
Quit Keychain Access.
Note
When you start Outlook, you are prompted to authenticate.
Issue
Machine Certificate authentication is used on MAC OS X clients. During the GlobalProtect connection process, the user needs to enter the Local Administrator account credentials to allow access to the System keychain twice.
Cause
When using Machine Certificates with GlobalProtect on Mac OS X Clients, the certificate must be accessed from the 'System' keychain in MAC OS X. This will cause a Keychain Access prompt to appear twice when the client attempts to access the certificate for verification against both portal and gateway.
Keychain Password Mac
Workaround
- Open the Keychain Access application and locate the Machine Certificate issued to Mac OS X Client in the System keychain.
- Right-click on the private key associated with Certificate and click Get Info, then go to the Access Control tab
- Click '+' to select an Application to allow
- Press key combination <Command> + <Shift> + G to open Go to Folder
- Enter '/Applications/GlobalProtect.app/Contents/Resources' and click Go
- Find PanGPS and click it, and then press Add
- Save Changes to private key
The steps above allows GlobalProtect access to only THIS certificate and private key. It will no longer prompt for keychain access, giving users a seamless, no-touch experience with Palo Alto Networks GlobalProtect.
Notes:
- If the workaround provided above doesn't work, please do:
- Move the certificate from System keychain to Login keychain
- Step-1 should then create a prompt similar to below. Click on 'Always Allow'
- The procedure has to be done again every time client is updated.
owner: panagent