
Get Error AADSTS50079 when refreshing Token with Azure Entra ID with MFA enabled

Bruin Fan 0 Reputation points
2024-10-18T19:19:18.5766667+00:00

We are using OpenID Connect (OIDC) to have our users authenticate with MFA to a Cloud application. The user is able to authenticate with MFA and we initially see the proper refresh token request response. After some time, we suddenly get the Error message "AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access". We have created a guest account for us to diagnose the problem connecting from our network and we do not see the issue. It seems that the issue only occurs for our customer connecting from within their own network. They are utilizing other applications that use SAML for authentication and do not see that same issue. Any ideas on what would cause this error inside our customer's network when authenticating via OIDC but not when using SAML? Thanks in advance!

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

    Akhilesh Vallamkonda 15,355 Reputation points Moderator
    2024-10-21T20:53:46.0666667+00:00

    Hi @Bruin Fan

    Thank you for your post!

    Based on the information you provided, it seems that the user is blocked by a Conditional Access policy or by security defaults.
    This might happen because of a configuration change made by the admin, such as a Conditional Access policy or per-user enforcement, or because the user moved to a new location; in either case the user is required to use multi-factor authentication.

    If you are using the Conditional Access policy, please ensure that the user is not included in any Conditional Access policies that require MFA.

    If you have enabled security defaults, MFA is enabled for your whole tenant and users will need to enroll and authenticate.

    Reference: https://learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#:~:text=to%20access%20%27%7Bresource%7D%27.-,AADSTS50079,-UserStrongAuthEnrollmentRequired%20%2D%20Due%20to
    Hope this helps. Do let us know if you have any further queries by responding in the comments section.

    Thanks,

    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

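One way for the OIDC client described in the question to handle this response, as an added example that is not code from the question, the answer, or Microsoft: when the refresh token grant comes back with AADSTS50079 (or any `interaction_required` error), stop retrying the silent refresh, keep the `correlation_id` so the tenant admin can match the failure against Entra sign-in logs (where the Conditional Access policy or named location that triggered it is recorded), and send the user back through an interactive sign-in with any `claims` challenge the response carries. The sample body is constructed to mirror the documented token-endpoint error shape; the correlation ID and the `{resource}` value are placeholders.

```python
import json
import re
from dataclasses import dataclass
from typing import Optional

# Codes for which a refresh grant can never succeed silently: the user must
# complete an interactive sign-in. 50079 is from the question; 50076 is the related step-up code.
INTERACTION_REQUIRED_CODES = {
    50079: "MFA enrollment required (admin configuration change or new location)",
    50076: "MFA challenge required (admin configuration change or new location)",
}

@dataclass
class RefreshOutcome:
    action: str                      # "use_tokens" | "reauthenticate" | "fail"
    aadsts_code: Optional[int]
    reason: str
    claims_challenge: Optional[str]  # forward as the claims parameter to /authorize
    correlation_id: Optional[str]    # give to the tenant admin for sign-in log lookup

def parse_aadsts_code(error_description: str) -> Optional[int]:
    """Pull the numeric code out of an 'AADSTS50079: ...' style description."""
    m = re.match(r"AADSTS(\d+):", error_description or "")
    return int(m.group(1)) if m else None

def classify_refresh_response(status: int, body: str) -> RefreshOutcome:
    """Decide what an OIDC client should do with a token-endpoint response."""
    p = json.loads(body)
    corr = p.get("correlation_id")
    if status == 200 and "access_token" in p:
        return RefreshOutcome("use_tokens", None, "refresh succeeded", None, corr)
    error = p.get("error", "")
    codes = p.get("error_codes") or []
    code = codes[0] if codes else parse_aadsts_code(p.get("error_description", ""))
    if error == "interaction_required" or code in INTERACTION_REQUIRED_CODES:
        # Retrying the refresh keeps failing until the user completes MFA,
        # so route them to the interactive flow instead of looping on the token endpoint.
        reason = INTERACTION_REQUIRED_CODES.get(code, "interactive sign-in required")
        return RefreshOutcome("reauthenticate", code, reason, p.get("claims"), corr)
    return RefreshOutcome("fail", code, error or "unknown error", None, corr)

# Constructed sample error body; the correlation ID and resource are placeholders.
SAMPLE_ERROR_BODY = json.dumps({
    "error": "interaction_required",
    "error_description": "AADSTS50079: Due to a configuration change made by your administrator, "
                         "or because you moved to a new location, you must enroll in "
                         "multi-factor authentication to access '{resource}'.",
    "error_codes": [50079],
    "correlation_id": "CORRELATION-ID-PLACEHOLDER",
})
```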

