Hi JoneJere,
If you have confirmed that all of the fields are correct and are still receiving the access error, feel free to send me an email at AzCommunity@microsoft.com ("Attn: Marilee Turscak") so that we can troubleshoot offline.
I would recommend, however, trying the following steps first if you have not done so already:
- Confirm that "Accounts in any organizational directory" is set under Authentication > "Supported account types".
- Copy the URL from your error and open the Single Sign-On menu under the Enterprise Application > Single sign-on > Identifier (Entity ID). Then, paste the URL from the error into the Identifier (Entity ID) option.
- Ensure that you are using the ID of Application (client) ID instead of the client secret.
- Search the references in your code and confirm that there is no mismatch, added character, white space, extra slash, or any difference between the tenant ID and client ID referenced in the code vs what is referenced in the registration and Enterprise App settings.
- Use the Test SSO Function in the Azure AD Portal by going to Enterprise Applications > select the application > Single sign-on > Test this application > Copy and paste the error received into the Resolving errors section > and click Get resolution guidance. Verify if there is a difference between the issuer and the identifier.
Let me know if this helps and feel free to reach out to me over email as well if you would like.
If the information helped you, please Accept the answer. This will help us as well as others in the community who might be looking up the same error.
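The ID checks listed in the answer above can be scripted. The following is an added example, not part of the original answer and not Microsoft code: the function name `diagnose_id` and all sample values are hypothetical and constructed for illustration, and it assumes you have copied the registered tenant ID and Application (client) ID from the portal by hand.

```python
import re
import unicodedata

GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

def diagnose_id(name, configured, registered):
    """Compare an ID from application config with the value shown in the
    app registration and return a list of findings (empty means match)."""
    if configured.lower() == registered.lower():
        return []
    findings = []
    core = configured.strip()
    if core != configured:
        findings.append(f"{name}: leading or trailing whitespace")
    # Format/control characters (e.g. zero-width space) survive strip()
    hidden = [c for c in core if unicodedata.category(c) in ("Cf", "Cc")]
    if hidden:
        codes = ", ".join(f"U+{ord(c):04X}" for c in hidden)
        findings.append(f"{name}: invisible character(s) {codes}")
    if "/" in core:
        findings.append(f"{name}: contains a slash")
    cleaned = "".join(c for c in core if c not in hidden).strip("/")
    if not GUID_RE.match(cleaned):
        # Tenant and client IDs are GUIDs; a client secret is not
        findings.append(f"{name}: not a GUID; check that this is not "
                        "a client secret or other value")
    elif cleaned.lower() != registered.lower():
        findings.append(f"{name}: well-formed GUID but different from "
                        "the registered value")
    return findings

# Constructed sample values, not real identifiers
REGISTERED = {
    "tenant_id": "11111111-2222-3333-4444-555555555555",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
}
CONFIGURED = {
    "tenant_id": "11111111-2222-3333-4444-555555555555/",
    "client_id": "Abc~constructed.secret_value",
}

if __name__ == "__main__":
    for key, value in CONFIGURED.items():
        for finding in diagnose_id(key, value, REGISTERED[key]):
            print(finding)
```
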