Cannot create non-existing user with error that this user already exists
We have an application that allows external users to create an account in our system, which is an Azure B2C tenant. One of the users already has an account but with a domain1 e-mail address. This partner recently changed their domain name to domain2 and user…
Workday to Active Directory User Provisioning - Management Level Attribute
Hi All! I’m trying to add a Workday attribute: Management Level (senior manager, manager, etc.). I’m trying to use the below XPath, but it is not bringing anything…
Azure B2C claims such as UPN, Surname and GivenName not returned
We have an Azure B2C solution setup to authenticate our joint venture partners that are using Azure and Ping in their organization. We are using OpenID Connect for both Azure and Ping to sign-in users. For both Azure (including our own organization)…
I am getting a "Requests from this IP are not allowed" when trying to sign in/sign up to Entra ID for external providers
I am trying to follow the tutorial in the link https://learn.microsoft.com/en-us/entra/external-id/customers/tutorial-mobile-app-maui-sign-in-sign-out ... I have created the UserFlows, but when running the app, I get a "Requests from this IP are…
When integrating Entra ID with AWS Identity Center SSO, can you suggest how the SAML exchange takes place securely over the internet?
When integrating Entra ID with AWS Identity Center SSO, can you suggest how the SAML exchange takes place securely over the internet?
Entra ID - QuickStart Application multiplying like rabbits
I've been trying to move a Blazor application with an API within Entra ID. For some reason, I've noticed that today I have about 15 "QuickStart Application" created. They seem to be created when I use the Integration Assistant in the…
Getting AADSTS501204 Malformed JWT error while logging into Microsoft apps. How to resolve this?
I have changed the password for my company account. Since then I am facing a malformed JWT error when I try to log in to Microsoft apps. I am able to log in to Microsoft apps through the browser with the new password but unable to log in through installed apps. It is…
How to fix '/home/LogFiles/Application/Functions/Host' Azure function
The setup we have: an Azure function app with a queue trigger in the Azure function, and we set up our function using a Terraform template. The function will not discover the functions or anything. But if we change the azure AzureWebJobsStorage to the…
How to assign custom user attributes to B2C users?
I'm looking to assign custom attributes to each of my B2C users, such as job titles, to assign different permissions in my application. I've created the custom attribute "JobTitle" in B2C, but I don't know how to assign individual users a…
When provisioning a user through Azure portal, we are missing attribute that is mapped in to be synced in target application
The user is getting provisioned correctly in the target application, however we are missing the attribute "department". I've read the mapping is responsible for handling this correctly, however I have tried mapping it several different ways. We…
We encountered an 'invalid_grant' error connecting to the identity provider. Please try again later
Category: Azure AD B2C. We have added federated login (Sign in with Google) to our application. Google IDP is working well for users having the @gmail domain, but for non-Gmail users, some of the users, we are getting the below error. "We encountered an…
Microsoft Entra Id - Sign In Log API
Hello Team, We could see there are four types of Sign-in logs as per https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-sign-ins?source=recommendations#what-are-the-types-of-sign-in-logs. Does the Sign-in API return all these type…
Restrict Microsoft Graph API permission
Hello, one of the applications in the tenant needs permissions to the Graph API AppRoleAssignment.ReadWrite.All with the Application type in order to automatically manage AppRoles assignment in the application. However, these permissions pose a high…
Microsoft 365 Defender - How to get more meaningful email alerting?
How can I get more meaningful email alerts using the Microsoft 365 Defender? Because every time I get the email alert, the email is not as informative like the below: Microsoft 365 Defender has detected a security threat in your environment View incident…
Why has my long-running 90 day inactive Guest Access Review suddenly started using non-interactive sign-in instead of interactive sign-in timestamps?
Hello, I have been running the above mentioned access review for probably 2 years without major issues. Recently it seems that the reviews have switched to looking at non-interactive sign-ins as well as interactive sign-ins. There are really two issues…
Can I put the value of instanceDurationInDays in minutes for the QA while creating access reviews using powershell?
I am able to create Azure access reviews with Graph API 1.0 using PowerShell. Now, there is a property called instanceDurationInDays which should have an integer value. The access review will remain active for the number of days of the value of…
Using Azure AD as an identity provider in Keycloak-based applications: how can I add missing user data to my client applications?
Hello, I'm currently using Azure AD as my identity provider and Keycloak as my intermediary/broker for my client applications. However, I need some user attributes (such as phone, email, picture, and officeLocation) that aren't provisioned from Azure to…
AAD Sync errors 8344 on export for a small number of accounts
Good morning hive mind! I am struggling to find what is causing error 8344 on just 8 accounts on Export sync with AAD, getting error 8344 "Insufficient access rights to perform the operation". We have enabled inheritance on the MSOL account,…
Cannot register for Hardware Developer Program
I am trying to register for the Hardware Developer Program. I am logged into an account that is marked as Global Administrator when I check in Microsoft Entra admin centre ("Your Role: Global Administrator"). However I cannot progress through…
Connect-MgGraph : Invalid JWT access token. Connect-AzAccount : InteractiveBrowserCredential authentication failed
I need help and a solution to rectify the below error when executing the PowerShell Connect-* command. $TenantID = '22bb9241-65c8-45b4-94f9-7c151e154693' $AzSubscriptionID = 'd487514e-4317-447f-af79-5022d310f6bd' $paramConnectMgGraph = @{ Scopes =…