25,080 questions
SSO with AWS Cognito Not Working
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 19%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Matt
0
Reputation points
We are trying to set up SSO with Microsoft on our AWS with Amplify and it is not letting any account sign in. We have it set up to accept any account type (personal and organizational). We are getting the following error code: "Selected user account does not exist in tenant ‘…’ and cannot access the application ‘…’ in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account."
We have it set up as a singled page application set up with a client ID and secret and it is being redirected back to Cognito hosted UI. For Cognito we have it connected to the Microsoft SSO added as an identity provider.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator2024-08-27T17:38:09.2766667+00:00 Hi @Matt
May I know where you have set up to accept any account type (personal and organizational). and could you please share the document which you have followed and the account you have been using to sign in. please do share the error screen shots what you get. -
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
2024-08-30T14:23:07.77+00:00 Hi @Matt
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help. -
Matt 0 Reputation points
2024-08-30T14:40:42.9433333+00:00 Hello @akhilesh WE are still having the issue. HELP!We are trying to setup Microsoft SSO within our AWS Cognito user pool but haven’t had any luck. The user pool is linked to Azure through ODIC and we set up a web application in Azure. We are able to get to the Microsoft login page and can login, but the redirect URL has an error in it. Here’s the error that’s in the URL: http://localhost:3000/login?error_description=Bad+id_token+issuer+https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0error=invalid_request
-
Matt 0 Reputation points
2024-08-30T14:49:16.9666667+00:00 @akhilesh please see the comment/answer below. WE are still having the issue. HELP!We are trying to setup Microsoft SSO within our AWS Cognito user pool but haven’t had any luck. The user pool is linked to Azure through ODIC and we set up a web application in Azure. We are able to get to the Microsoft login page and can login, but the redirect URL has an error in it. Here’s the error that’s in the URL: http://localhost:3000/login?error_description=Bad+id_token+issuer+https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0error=invalid_request
-
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
2024-09-04T20:29:45.11+00:00 Hi @Matt
This seems it require further troubleshooting, could you please send us an email on azcommunity [at] microsoft [dot] com referencing this issue with a subject line "ATTN:akhilesh"
Sign in to comment
Sign in to answer