This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 3%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMV%3C/text%3E%3C/svg%3E)
Dear Microsoft Support,
We are currently setting up SAML-based Single Sign-On (SSO) integration between our FortiGate Firewall and Azure Active Directory. During testing, we encountered the following error:
AADSTS700016: Application with identifier 'https://ip and port number/remote/saml/metadata' was not found in the directory 'TECEZE'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant.
We have configured the SAML Entity ID and Reply URLs in both FortiGate and Azure AD. Despite this, Azure AD is not recognizing the application during the authentication attempt.
We would appreciate your assistance in identifying and resolving this issue.
Impact:
Users are currently unable to authenticate via SAML SSO, blocking secure VPN access through FortiGate.
Please let me know if any additional logs or configuration details are required from our end.
Double check everything again.
An error like that means something isnt matching between what is set for the entityID in Entra and what is set in Fortigate. Could be a missing / or something like that
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 68%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
Hi @Mano Vasu,
In Addition, with @Andy David - MVP I would like to provide detailed explanation.
Based on your query, here is my understanding: Received AADSTS70016 error for newly configured SAML SSO application.
The error AADSTS70016 comes when the application does not exist in Azure active directory. Azure validates a SAML application with Identifier (Entity ID) which has been provided for the application in Entra ID SAML SSO configuration. SAML2 uses EntityId in the request and compares it to the App ID URI for the application registration.
So, you need to make sure the Entity ID provided by the application team has been matched to the one provided in Entra ID SSO configuration. Please do reverify the details with application team and update the Entity ID and other URLs accordingly.
Here is the Microsoft document for you reference: Configure Microsoft Entra SSO
Note: The Identifier, sign in URL and reply URL mentioned in the above document are just sample patterns. You need to use the actual Sign on URL, Identifier, Reply URL, and Logout URL that's configured on the FortiGate. FortiGate support needs to supply the correct values for the environment.
I hope this information is helpful. Please feel free to reach out if you have any further questions.
Isnt that what I already said? Why repeat it?
Hi @Mano Vasu,
Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know
Hi @Mano Vasu,
Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know