How to fix 'AADSTS90023: V2 tokens require asymmetric token signing credentials'?
I have a web app using Azure AD to login users. It is using the MSAL python library to redirect users to a https://login.microsoftonline.com/(...) URL for login, then exchanging the authorization code from the call for an access token. It was working…
Expression builder multiple IIF nesting
Hey folks, I've run into a problem in building expressions. As part of our Workday to Active Directory provisioning, we want to have the email address built out based on Company name. However, we have multiple company names under our AD user profiles and…
help with MSAL and node.js
I seem to be running in circles and could use some guidance. We have a Vue based front end site that has our own username/password/mfa solution that, once logged in, sets a series of auth cookies back to the browser that go to each API call on our back…
Azure B2C - user can still visit website after logging out
Hello everyone, I am having problems with my Azure B2C logout methods. I am using a .NET 4.8 C# MVC app connected to Azure B2C. Our app uses openidconnect and cookie authentication. The login works great, and I am using local Entra accounts for this…
Can't Remove associated tenants in organization settings
Hello guys, I'm an admin in two associated companies, and when trying to set up a multi-tenant organization I got stuck in this situation where I can't remove either of the associated tenants; I can't see the remove button in any of the accounts: 1- 2-
MFA Authentication Strength re-prompting for MFA registration
We have a Conditional Access policy to prompt users for MFA every time they use the Azure VPN. This prompts for their password and then a Microsoft Authenticator notification. We would like to remove the need for users to enter their password but keep…
Application asked for scope 'roles' that doesn't exist
Hello, we have an app registration with openid authentication, but during authentication we get the following error: Error: invalid_client Description: AADSTS650053: The application 'XXX' asked for scope 'roles' that doesn't exist on the resource…
[Azure Load Testing] - Auth with managed identity
I am trying to configure an Azure load test to obtain the AAD bearer token using managed identity. Until now, I used secret-based authentication and I was manually generating the JWT token and passing it through the test parameters. Now, I am trying to…
Service principal creation failed by privilege access
We are trying to create a main service for Atlas MongoDB to provide access to our API in Kubernetes, however, we saw that our permission was not necessary to be able to create the account, when trying to add the permission (Global Administrator) we saw…
I've installed Dynamics365_10.0.39 vhd, when I try to login to Dynamics 365 I get the below error, I'm a beginner, how to fix
Request Id: 157621f8-7ea8-4a3a-91e9-0d59ba883600 Correlation Id: a9208675-df82-4b08-8f3a-1aee5522ad1e Timestamp: 2024-06-14T05:55:01Z Message: AADSTS700016: Application with identifier 'e9add948-9fa7-4448-b2f9-bbfda034857b' was not found in the directory
Personio integration in Entra ID
Hello everyone, we have set up the Personio integration with Microsoft Azure. In doing so, all the data of our companies was transferred as well. We only want to integrate the data of the main company into Azure. Is this configurable on the Azure side?
Azure B2C custom page layout not reflecting changes in template
Trying to develop a custom page layout for my User Flow. When changing the content in the blob storage, updating the Custom page URI or even turning off the option to use a custom template - no changes are reflected when running the user flow either from…
Invalid_grant error when calling GraphServiceClient
Hi, I am using AuthorizationCodeContext authentication to get a token for the GraphServiceClient service. Authorization is done via…
I was hacked by a hacker
I checked my authenticator history and a lot of requests were trying to access. Can we add my location to add one more layer of security to use authenticator sign-in? If they try 1 time per hour I will really lose my connection one day. Maybe today or…
Entra Conditional Access: Where do the Channel Islands fall under for Geolocation
I'm looking at setting up multiple conditional accesses. One of those will be geolocation (IP and location) based. I am running into an issue where I am unsure if the "Channel Islands" fall under (within the boundary) of the "United…
Sign-in error code: 9002341 - User is required to permit SSO
Hello, We have MANY failed sign-ins with the error: Sign-in error code: 9002341 - User is required to permit SSO. It happens all the time - but without any interruption for users. What exactly does it mean? I couldn't find any helpful information for…
Are appRoleIds ever allowed in preAuthorizedApplications?
According to https://learn.microsoft.com/en-us/graph/api/resources/preauthorizedapplication?view=graph-rest-beta, "In some rare cases, an identifier listed in the permissionIds property may refer to an app role (from the service principal's appRoles…
Implementing MFA for customer accounts not in Azure Active Directory B2C (Azure AD B2C) directory
Hello, We are implementing Azure B2C as the identity system for an application. Our customer accounts are not in the Azure Active Directory B2C (Azure AD B2C) directory. We are using the Sign-in with REST API identity provider for the user sign-in process. We are…
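An error occurs when configuring SAML toolkit
At first, I uploaded the XML metadata file to the SAML toolkit, and then I found that it did not work. So I wanted to re-upload the SAML certificate in [SAML Configuration]. But as soon as I click on that page, the following error appears. Error. An error occurred while processing your request. I tried to delete the account registered with the SAML toolkit in order to reconfigure it, but I could not find the corresponding page on the SAML toolkit. How can this error be resolved?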
Entra User provisioning from SAP Successfactor - change odata api query - need to add filter
Hi all, I'm wrestling a bit with SAP Successfactor user provisioning to Entra ID. It works well for the most part, but I need to change the OData query filter. I guess this would be like this information mentioned here:…