This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 28.999999999999996%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENC%3C/text%3E%3C/svg%3E)
getting this below error for all new starter, and if we change the password on old user they are not able to login on O365.
Sign-in error code
5000811
Failure reason
Unable to verify token signature. The signing key identifier does not match any valid registered keys.
Maybe your token signins certificate expired on AD FS. It does not impact those who have an Azure PRT already but will affect all new users and users for which the PRT is invalidated (like a password change). You can follow this procedure to make sure it is matching: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-o365-certs
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 17%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECP%3C/text%3E%3C/svg%3E)
What would be the steps if my federation is with Google Workspace?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 85%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
How can i make sure it's matching if I'm unable to sign in?
Have the same issue. Can't log in to try any of the fixes so now what?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 36%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYI%3C/text%3E%3C/svg%3E)
Have you tried the above?
Maybe your token signins certificate expired on AD FS. It does not impact those who have an Azure PRT already but will affect all new users and users for which the PRT is invalidated (like a password change). You can follow this procedure to make sure it is matching:
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-o365-certs