Error: Changing AuthenticationType From Managed to Federated is Currently not Supported when I use Update-MgDomain

Adrian& 1 Reputation point

Because MSOnline is deprecated, I have installed Microsoft Graph PowerShell module.
I am able to configure SSO for an old subdomain which is already Federated, but when I've created a new subdomain which is by default Managed, I am not able to convert to Federated in order to setup the SSO.

I've used the bellow command and I got an error.

PS C:\Users> Update-MgDomain -DomainId -AuthenticationType Federated Update-MgDomain : Changing authenticationType from Managed to Federated is currently not supported. At line:1 char:1 + Update-MgDomain -DomainId -AuthenticationType Federat ...

  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : InvalidOperation: ({ DomainId = su...tGraphDomain1 }:<>f__AnonymousType932) [Update-MgDom ain_UpdateExpanded1], RestException1 + FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.UpdateMgDomain_UpdateExpanded1

Please let me know how can I Federate the domain in order to be able to setup the SSO?



Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,734 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Givary-MSFT 11,921 Reputation points Microsoft Employee

    @Adrian& Thank you for reaching out to us, as per my research and findings, prior to changing the domain Authentication type, FederationConfiguration must be created in order to switch from Managed to Federated.

    Command to create DomainFederationConfiguration:

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    No comments