25,145 questions
Access Denied Error During Auth0 and Microsoft Azure AD Integration
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 13%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Nishtha
20
Reputation points
Hello everyone,
I am currently integrating Auth0 with Microsoft Azure AD to allow users from other organizations to sign up. However, I am encountering an "access denied" error during the authentication flow. Here are the detailed steps of the flow and the issue:
- handleLogin is called
- A URL is generated that prompts the user to sign in.
- The user is then redirected to a Microsoft login URL.
- After signing in, the user is redirected to Auth0's callback URL.
- This then redirects to the /authorize/resume endpoint.
- Finally, it redirects to my application's callback URL with the access denied error.
Despite having given API permissions in my Azure AD app, I still encounter the "access denied" error related to OpenID permissions. I am not sure which specific permission is missing or incorrectly configured.
I have ensured that the following permissions are granted:
- openid
- profile
However, the issue persists. Any guidance on what specific permissions or configurations are required to allow users from other organizations' Microsoft Azure AD to sign up would be greatly appreciated.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes
-
Raja Pothuraju 23,790 Reputation points Microsoft External Staff Moderator2024-07-25T09:51:07.5666667+00:00 Hello @Nishtha,
Thank you for posting your query on Microsoft Q&A.
From your description, I understand that you've configured an application in your tenant and enabled access for users from other organizations. However, these users are encountering an "Access Denied" error when trying to access the application. The API permissions you've set up should be sufficient to generate an ID token for your app. To diagnose the issue, we need to determine if the error is originating from Microsoft Entra or your application.
To check this, review the Microsoft Entra sign-in logs for any failure messages. If possible, please share a screenshot of the error message for further analysis. If the error is related to Microsoft Entra, ensure that admin consent has been granted for the API permissions.
For guidance on granting admin consent, refer to the documentation here:
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal
If you're still stuck on this, you can feel free to send me an email at AzCommunity@microsoft.com referencing this issue with a subject line "ATTN:pothurajur" include a link to the current thread.
Thanks,
Raja Pothuraju. -
Raja Pothuraju 23,790 Reputation points Microsoft External Staff Moderator
2024-08-01T13:05:22.4866667+00:00 Hello @Nishtha,
Since we did not receive a response to our last email, we are following up to see if you have received our last message. We hope to hear back from you soon.
Thanks,
Raja Pothuraju. -
Raja Pothuraju 23,790 Reputation points Microsoft External Staff Moderator
2024-08-05T07:26:52.53+00:00 Hello @Nishtha,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Sign in to comment
Sign in to answer