Thank you for posting this in Microsoft Q&A.
I understand that you are enabling SSO for Enterprise Apps in Windows Admin Center using Local Active Directory Domain.
You receive error AADSTS50003 when trying to sign into an application that has been set up to use Microsoft Entra ID for identity management using SAML-based SSO. This error is caused by the application object being corrupted, so Microsoft Entra ID doesn't recognize the certificate configured for the application.
To fix the issue, delete the certificate and create a new one by following the steps below:
- On the SAML-based SSO configuration screen, select Create new certificate under the SAML signing Certificate section.
- Select Expiration date and then click Save.
- Check Make new certificate active to override the active certificate. Then, click Save at the top of the pane and accept to activate the rollover certificate.
- Under the SAML Signing Certificate section, click Remove to remove the unused certificate.
I'm just trying to set this up for our IT team to log in to WAC to administer servers. Is this process the only way to make this work? I have to create documentation, and send an app to be published? But that app is my local domain. That can't be right.
No, there is no need to create any documentation or send an application to be published.
Windows Admin Center defines two roles for access to the gateway service: gateway users and gateway administrators.
1. Gateway users can connect to the Windows Admin Center gateway service in order to manage servers through that gateway, but they cannot change access permissions, nor the authentication mechanism used to authenticate to the gateway.
2. Gateway administrators can configure who gets access as well as how users will authenticate to the gateway.
Gateway administrators can choose either of the following:
- Active Directory/local machine groups
- Microsoft Entra ID as the identity provider for Windows Admin Center
For your reference: User access options with Windows Admin Center
How to set up Entra authentication with WAC
To configure Microsoft Entra authentication for Windows Admin Center, please follow the steps mentioned in this document: https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/configure/user-access-control#configuring-microsoft-entra-authentication-for-windows-admin-center
If you want to use Active Directory/local machine groups: Enabling SSO for Enterprise App (Local Active Directory Domain) with Windows Admin Center
Hope this helps. Do let us know if you have any further queries.
Thanks,
Navya.
If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query, do let us know.