How to set up external claims provider

Mike Marchetti 11 Reputation points

I am trying to set up an Azure Conditional Access Policy using Custom Controls with an external claims provider. I have registered an application; however, during the conditional flow to my external identity provider, Azure gives an error:

Sorry, but we’re having trouble signing you in.

AADSTS50172: External claims provider 85889553-afad-4543-82e3-96377d8f47f7 is not approved.

I cannot find any specific reference to this error, or how to approve an external claims provider. Can you provide some guidance or document links that would help here?



Microsoft Entra ID

1 answer

  1. Arunkumar Seenivasagan 86 Reputation points

    I had a discussion with MS on this topic some time back. What I heard is that this feature would be revamped.
    At the moment, not all 3rd parties are supported.
    List of supported identity providers:

    • Azure Active Directory
    • AuthAnvil Single Sign On 4.5
    • BIG-IP with Access Policy Manager BIG-IP ver. 11.3x – 11.6x
    • BitGlass
    • CA Secure Cloud
    • CA SiteMinder 12.52
    • Centrify
    • Citrix
    • Dell One Identity Cloud Access Manager v7.1
    • DigitalPersona Composite Authentication
    • ForgeRock Identity Platform Access Management V5.x
    • IBM Tivoli Federated Identity Manager 6.2.2
    • IceWall Federation Version 3.0
    • Memority
    • NetIQ Access Manager 4.x
    • Okta
    • OneLogin
    • Optimal IDM Virtual Identity Server Federation Services
    • PingFederate 6.11, 7.2, 8.x
    • RadiantOne CFS 3.0
    • Sailpoint IdentityNow
    • SecureAuth IdP 7.2.0
    • Sign&go 5.3
    • SoftBank Technology Online Service Gate
    • VMware Workspace One

    1 person found this answer helpful.