Troubleshoot AAD errors for integrations
If you encounter an AAD invalid grant error for an integration, it's likely that you've run into one of these common error types based on the configuration of your account or device.
The device on which this connection was first created might not have been in a managed state. Try reauthenticating or creating a new connection.
The device on which this connection was first created is no longer in a compliant state. Try reauthenticating or creating a new connection.
AADSTS53000: Device isn't in required device state: compliant. Conditional Access policy requires a compliant device, and the device isn't compliant. The user must enroll their device with an approved MDM provider like Intune
The device on which this connection was first created is no longer in a compliant state. Try reauthenticating or creating a new connection.
AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password
The current token being used for this connection has expired. Try reauthenticating or creating a new connection.
AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multifactor authentication to access
Authentication failed. Try reauthenticating or creating a new connection.
AADSTS500341: The user account <account ID> has been deleted from the <AAD> directory. To sign into this application, the account must be added to the directory
The user account with which this connection was first created is no longer in an active state. Try creating a new connection.
AADSTS50034: The user account <account ID> doesn't exist in the <AAD> directory. To sign into this application, the account must be added to the directory
The user account with which this connection was first created is no longer in an active state. Try creating a new connection.
The device on which this connection was first created is disabled. Try reauthenticating or creating a new connection.
AADSTS700082: The refresh token has expired due to inactivity. The token was issued on <time stamp> and was inactive for <duration in days>
The current token being used for this connection has expired. Try reauthenticating or creating a new connection.
Try reauthenticating or creating a new connection.
If you're the owner of the errored-out connection, you'll see the Try again option in the integration popover. Select Try again to trigger reauthentication.
The connection can also be reauthenticated by navigating to Account Settings > Preferences > My integrations and reauthenticating the connection with the associated error.
If the error still appears, try creating a new connection from the integration connection dropdown at the top of the integration setup page.
If you don't own the errored-out connection and are instead sharing a connection owned by another user, you can either create a new connection as shown above or reach out to your Viva Goals administrator for help.
If you're a Viva Goals administrator, you can reauthenticate the existing connection or create a new connection by navigating to Admin > Integrations > Specific integration and selecting Manage. There, you'll see a list of your organization's connections and can choose whichever one you need.
To set up a connection, select Enable on the integration you want to set up a connection for, then follow the setup steps. Remember: only admins or connection owners can edit connections.
To make connections public (that is, usable by everyone in the organization) or private, toggle the Share connection checkbox. Users will be able to see their private connections, followed by their public connections (if any).
If you're a Viva Goals administrator or a tenant administrator, you can create a new connection by navigating to Admin > Integrations in the Viva Goals web or Teams app, selecting Manage for the appropriate integration, and finally selecting New Connection. You can also reauthenticate the connection from this page if needed.
If you don't have admin access, you can create a new connection in two ways:
- On the integration setup page, select Add new connection on the connection dropdown.
- Navigate to Account Settings > Preferences > My integrations and add a new connection.
How do I replace the old errored-out connection with a new connection in the integrated key result or initiative?
When you see the option to "edit integration," select Edit to navigate to the integration setup page, then choose the new connection from the connection dropdown on the top. Once the new connection has been chosen, select the necessary details in integration setup and save to resume automatic progress updates.
If you don't have the option to "edit integration," you can either reach out to the key result/initiative owner or a Viva Goals administrator to help update the connection and resume automatic progress updates.