I had to manually set a password and set it to not force the user to update. I then had the user manually update the password. This is the only way I could get this to work today.
AADSTS50012: Authentication failed.
Hello! I am having the same problem. I recently created a new user for a new member of my organization. I gave her the credentials, and when she does the first log in, it requires the username to set up a password (as the password provided by Microsoft is temporary). Once she sets up the new password, this error happens. So she isn't able to log in.
I tried doing it myself and effectively it is not possible to log in.
-
Jami Moore 11 Reputation points
2022-10-13T19:30:05.43+00:00
I found a workaround!
Go to change their password in the Admin panel, but uncheck the box that makes them reset their password after logging in with the temporary password. Once they log in with the password you've assigned, they can gain access to their account and then manually change their password in the settings.
-
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
2022-12-01T23:04:47.847+00:00
Hello everybody and thanks a lot for reaching out. My understanding is that you're encountering the AADSTS50012: Authentication failed error whenever A. a new user tries to set a new password and/or B. a new user tries to set a new password once the initial one has expired. For the latter case, and as a possible workaround, create the user using AzureAD PowerShell or Microsoft Graph PowerShell (or API), setting the passwordProfile as "DisablePasswordExpiration". E.g.:
AzureAD
    Connect-AzureAD
    # Constructor arguments: password, forceChangePasswordNextLogin, enforceChangePasswordPolicy
    $PasswordProfile = [Microsoft.Open.AzureAD.Model.PasswordProfile]::new("string", $true, $false)
    New-AzureADUser -DisplayName "string" -PasswordProfile $PasswordProfile -UserPrincipalName "string" -AccountEnabled $true -MailNickName "string" -PasswordPolicies "DisablePasswordExpiration"
Microsoft Graph PowerShell
    # Creating a user requires User.ReadWrite.All; User.ReadWrite only covers the signed-in user's own profile.
    Connect-MgGraph -Scopes "User.ReadWrite.All" # Or -AccessToken "string" where "string" is an access token with User.ReadWrite.All or superior scopes
    $PasswordProfile = @{
        ForceChangePasswordNextSignIn = $true
        Password = "1234" # placeholder value; the real one must meet the tenant's password policy
    }
    New-MgUser -DisplayName "string" -PasswordProfile $PasswordProfile -UserPrincipalName "string" -AccountEnabled -MailNickName "string" -PasswordPolicies "DisablePasswordExpiration"
In any case, if the issue persists, please post debugging information: correlation-id and timestamp so we can better analyze it.
I will be waiting for your comments.
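An administrator can collect the correlation ID and timestamp requested above from the tenant's sign-in logs rather than from the user's error screen. This is an added example, not part of the original answer or Microsoft's code: `Select-Aadsts50012` is a hypothetical helper name, the sample records are constructed, and the commented live query assumes the Microsoft.Graph.Reports module with the AuditLog.Read.All scope.

```powershell
# Added example. Select-Aadsts50012 is a hypothetical helper, not a Microsoft cmdlet.
function Select-Aadsts50012 {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $SignIn,
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )
    process {
        # Keep only this user's sign-ins that failed with error code 50012.
        # -ne on strings is case-insensitive, so UPN casing does not matter.
        if ($SignIn.UserPrincipalName -ne $UserPrincipalName) { return }
        if ($SignIn.Status.ErrorCode -ne 50012) { return }
        [pscustomobject]@{
            Timestamp     = $SignIn.CreatedDateTime
            CorrelationId = $SignIn.CorrelationId
            SignInId      = $SignIn.Id
            Application   = $SignIn.AppDisplayName
            FailureReason = $SignIn.Status.FailureReason
        }
    }
}

# Constructed sample records shaped like Get-MgAuditLogSignIn output (not real data).
$sample = @(
    [pscustomobject]@{
        Id = '00000000-0000-0000-0000-000000000001'; CreatedDateTime = '2024-01-15T09:12:44Z'
        UserPrincipalName = 'new.user@example.com'; AppDisplayName = 'Example App'
        CorrelationId = '11111111-1111-1111-1111-111111111111'
        Status = [pscustomobject]@{ ErrorCode = 50012; FailureReason = 'Authentication failed.' }
    }
    [pscustomobject]@{
        Id = '00000000-0000-0000-0000-000000000002'; CreatedDateTime = '2024-01-15T09:20:03Z'
        UserPrincipalName = 'New.User@example.com'; AppDisplayName = 'Example App'
        CorrelationId = '22222222-2222-2222-2222-222222222222'
        Status = [pscustomobject]@{ ErrorCode = 0; FailureReason = 'Other.' }
    }
    [pscustomobject]@{
        Id = '00000000-0000-0000-0000-000000000003'; CreatedDateTime = '2024-01-15T09:31:10Z'
        UserPrincipalName = 'other.user@example.com'; AppDisplayName = 'Example App'
        CorrelationId = '33333333-3333-3333-3333-333333333333'
        Status = [pscustomobject]@{ ErrorCode = 50012; FailureReason = 'Authentication failed.' }
    }
)
$sample | Select-Aadsts50012 -UserPrincipalName 'new.user@example.com' | Format-List

# Live use against a tenant (server-side filter on the error code, user filter client-side):
# Connect-MgGraph -Scopes 'AuditLog.Read.All'
# Get-MgAuditLogSignIn -Filter 'status/errorCode eq 50012' -Top 50 |
#     Select-Aadsts50012 -UserPrincipalName 'new.user@example.com'
```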
-
JimmySalian-2011 42,491 Reputation points
2022-10-12T10:55:19.64+00:00
Hi,
The error code points to one of these:
AADSTS50012 AuthenticationFailed - Authentication failed for one of the following reasons:
The subject name of the signing certificate isn't authorized
A matching trusted authority policy was not found for the authorized subject name
The certificate chain isn't valid
The signing certificate isn't valid
Policy isn't configured on the tenant
Thumbprint of the signing certificate isn't authorized
Client assertion contains an invalid signature
Check if the user is having any conflicts from on-premises. Also check whether the device has any user certificates that require renewal. Try the process from another PC or an incognito browser.
Hope this helps.
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
-
Achraf Ben Alaya 1,311 Reputation points MVP
2022-10-12T22:03:48.81+00:00
Well, it's weird, but it worked when I used a simple password instead of a complex one.