![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 67%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 85%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 91%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 4%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Hello Jackie,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
I understand that your Azure SSO is providing blank screen for multiple platforms.
This is not an application bug, but a modern authentication flow conflict between Azure SSO > App redirect > Browser enforcement of security (SameSite, Secure cookies, embedded context blocking). You should validate this under Microsoft Entra ID > App registrations > Authentication and confirm every reply URL used by the application is explicitly listed, as documented here: Configure authentication in Entra ID – https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app Redirect URI restrictions – https://learn.microsoft.com/en-us/entra/identity-platform/reply-url
Secondly, another frequent root cause involves Conditional Access policies enforcing sign-in frequency or session controls during secondary authentication prompts. When a re-authentication occurs inside a popup or embedded window, certain policies can interrupt token issuance without surfacing a visible error, resulting in a blank page. Microsoft recommends reviewing sign-in logs and evaluating Conditional Access impact through the policy insights and reporting workbook. Temporarily excluding the affected application from strict session policies can confirm whether Conditional Access is interfering with the flow. Official guidance for reviewing these settings is available here: Conditional Access overview – https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview Sign-in logs in Entra ID – https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-sign-ins
Thirdly, modern browser security enforcement is another validated cause, particularly regarding SameSite cookie handling. Microsoft identity platform requires cookies used in cross-site authentication flows to be set with SameSite=None; Secure, otherwise browsers such as Edge and Chrome may block them in iframe or popup contexts, leading to incomplete redirects. Applications that embed authentication within iframes are especially susceptible to this behavior. Vendors must ensure compliance with current browser standards and Microsoft’s identity platform requirements, as outlined in the official documentation: SameSite cookie guidance – https://learn.microsoft.com/en-us/entra/identity-platform/howto-handle-samesite-cookie-changes-chrome-browser Authentication flow fundamentals – https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow
Also, to further isolate the problem, it is essential to capture browser network traces using developer tools during the failing re-authentication attempt. Look specifically for failed authorization code exchanges, HTTP 400/401 responses, redirect_uri_mismatch, or blocked third-party cookies. Microsoft recommends validating that the authorization response successfully returns an authorization code and that the token endpoint call completes without interruption. If copying the blank page URL into a new browser tab completes successfully, this strongly indicates an embedded context or third-party cookie restriction rather than a core identity failure. Troubleshooting guidance for OAuth authorization code flow is detailed here: OAuth 2.0 authorization code flow – https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow Troubleshoot sign-in issues – https://learn.microsoft.com/en-us/entra/identity-platform/troubleshoot-authentication
I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.
Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.