Share via

Cascade Authentication in Entra ID Sign in Logs

Abdelrahman AL-Nahhas 20 Reputation points
2025-04-15T12:30:52.3133333+00:00

We see Cascade Authentication in our Azure sign in logs as application, however our users when asked do not recognize this application. What is this referring to? image

These are the Authentication Details

User's image

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. Jyotishree Moharana 1,845 Reputation points Microsoft External Staff Moderator
    2025-04-16T17:56:23.14+00:00

    Hello @Abdelrahman AL-Nahhas,

    Cascading authentication can happen when there are multiple Identity providers and especially seen in environments with federation in place or have Azure AD B2C configuration. Cascade authentication that you are seeing in the logs it isn't an application it is a type of authentication which can happen based on availability or the defined user flows.

    The sign-ins could have been logged when trying to use any application or integration which may have triggered additional authentication.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 119.7K Reputation points MVP Volunteer Moderator
    2025-04-15T15:27:46.3033333+00:00

    It might be something built-in, as mentioned in this thread: https://learn.microsoft.com/en-us/answers/questions/2127397/azure-sign-in-logs-cascade-authentication

    Do you see an AppID value? If so, you can cross-reference it via quick online search. Similarly, if you are using Defender for Cloud, look it up in their database.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.