This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 72%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
When testing Microsoft Entra External Id it uses CIAMLogin dot com which is now been universally flagged as phishing or malicious domain. Also blocked by my company. What is Microsoft position on this? I’ve been using a Trial tenant to setup apps and get sign in and sign up flows working.
Obviously it is a part of msal.js in all of their code and other languages. It’s mentioned in the documentation online. I also understand that it is new and for entra. Domain was created in February 2023. What we need is if we can we find official information that Microsoft owns this domain and it is safe. See attached screenshot from safari even marks it in bright red when going to it. What’s an alternative if this isn’t resolved ?
Test: (from unit testing of msal js: https://test.ciamlogin.com)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 88%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBO%3C/text%3E%3C/svg%3E)
It is resolved externally and the www.ciamlogin.com and test.ciamlogin.com internally (our corp network). I still have our trialtenant blocked by our Fortinet but I checked on my phone that I can access that URL so I will email my Networks dept. Thank you !
So our trial tenant is still flagged on some scanning sites: https://www.urlvoid.com/scan/trialtenantqhzcpqcy.ciamlogin.com/ including CRDF and Fortinet
Please advise. @Bora Ozbayburtlu \
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Aleks S ,
Thanks for bringing this up.
We have identified that this domain is flagged as blacklist in SURBL. We have already raised the IcM for this and are working on it to remove this from the blacklist.
I will update the status here once it has been resolved.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 15%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECC%3C/text%3E%3C/svg%3E)
Any update on this? Was hoping to look at Entra External ID rather than B2C, but my first experience trying a sign-in flow is a big, red, content blocked screen.
Hi Christopher Crook • ,
We are working on this as a priority and will update you as soon we are able to fix this.
Thanks for your feedback and patience throughout this issue.
Thanks,
Shweta
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 88%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEM%3C/text%3E%3C/svg%3E)
We are experiencing this issue with HP Wolf. I thought it was resolved.