Share via

Hubspot SSO Errors - AADSTS650056: Misconfigured application.

Tom Ridges from Herdify 0 Reputation points
2024-09-16T11:00:00.01+00:00

I'm trying to configure hubspot <> Azure AD SSO, as per the guide

https://learn.microsoft.com/en-gb/entra/identity/saas-apps/hubspot-tutorial

When I run "test" from Azure, it works.

When I run "test" from Hubspot, I get.

AADSTS650056: Misconfigured application. This could be due to one of the following: the client has not listed any permissions for 'AAD Graph' in the requested permissions in the client's application registration. Or, the admin has not consented in the tenant. Or, check the application identifier in the request to ensure it matches the configured client application identifier. Or, check the certificate in the request to ensure it's valid. Please contact your admin to fix the configuration or consent on behalf of the tenant. Client app ID: 7255d02c-7984-48ef-8f3b-95581cf7e226.

I can sign-in to hubspot via SSO but until the test above completes, I can't configure it.

The error points at API permission for AAD graph, but when I go to "applications > app registrations > hubspot > API, 'AAD graph' graph is greyed out as its been deprecated.

If I look in the flagged errors, I only get a generic error message, nothing about what permissions are missing.

Any ideas?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Raja Pothuraju 23,800 Reputation points Microsoft External Staff Moderator
    2024-09-19T20:46:18.7933333+00:00

    Hello @Tom Ridges from Herdify,

    Thank you for posting your query on Microsoft Q&A.

    Based on your description, it appears you are encountering error code AADSTS650056 when attempting to run a test from HubSpot.

    Upon checking the API permissions for the application in Entra ID (Entra ID >> App Registrations >> HubSpot >> API Permissions), you noticed that the app has the Azure AD Graph API, which is deprecated.

    Since Azure AD Graph APIs are deprecated, it is recommended to use Microsoft Graph API instead. At a minimum, you should have the Microsoft Graph User.Read delegated permission configured on the app registration for both the client and resource. Please try adding the Microsoft Graph API and ensure that all permissions for the application are granted admin consent.

    For more details, please refer to the following document:

    AADSTS650056: Misconfigured application.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks,
    Raja Pothuraju.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.