AADSTS50126: Error validating credentials due to invalid username or password

Sajid Ali Shah 271 Reputation points
2022-04-01T13:59:23.297+00:00

Hi.
I have an Office 365 email ID with an E3 license assigned. I have enabled MFA for it and created an app password. A developer is trying to use this ID and app password in his coding (PowerBI) but is getting the subject error. Can you please help me to resolve the issue?
Trace ID: fbfa2940-ff5b-4494-a471-40feb95b4200
Correlation ID: 9d173154-65f1-439b-8f0c-3fc7ac412849

Regards
Sajid

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2022-04-01T23:33:04.493+00:00

    Hi @Sajid Ali Shah ,

    I understand that you are receiving the AADSTS50126 error even though the correct password is entered.

    An MFA-enabled account cannot run in the background and requires interactive login, so if you are trying to do this, you need to use a service account that does not have MFA enabled.

    If the account is using federated authentication, this error is also expected. This is because if you have federated authentication enabled for user sign-in, you get redirected to the federated IDP for credential validation. When you are using the ROPC flow via Postman, this redirection is not possible and it results in the "Invalid username or password" error.

    Note that federated authentication does not just mean that you are using ADFS. You can use 3rd party IDPs such as Auth0, OneLogin, and others. You will know that you are using federated authentication if you see the below image while signing in via browser with the same account:

    [Image: 189401-image.png]

    If you create a new account with a UPN such as username@your_tenant.onmicrosoft.com to be sure you are not using federated authentication, you can test with that account. As the your_tenant.onmicrosoft.com domain always uses managed authentication, credentials are verified in Azure AD and no redirection to a federated IDP is required.

    If you wish to enable the federated account to authenticate directly from Azure AD without needing to redirect to the federated Identity Provider, you can follow the steps in this blog to allow cloud authentication for the account and resolve the error that way. Another option is to disable federated authentication and use managed authentication.

    There is already a bug filed to correct the wording on the error message for these scenarios, as the "invalid username and password" error is misleading.

    See also: Invalid username or password

    3 people found this answer helpful.
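
The checks described in the answer above, as an added Python example that is not part of the original thread and is not Microsoft's code: it triages an AADSTS50126 response from an ROPC request against the account's authentication type and MFA state. The sample JSON is constructed, the helper name and cause labels are hypothetical, and the `NameSpaceType` field of the realm-discovery result is an assumption.

```python
import json

# Constructed sample: error body returned by the token endpoint for a failed ROPC request.
SAMPLE_TOKEN_ERROR = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS50126: Error validating credentials due to invalid username or password.",
    "error_codes": [50126],
})
# Constructed realm-discovery results; the NameSpaceType field name is an assumption.
SAMPLE_REALM_FEDERATED = json.dumps({"NameSpaceType": "Federated"})
SAMPLE_REALM_MANAGED = json.dumps({"NameSpaceType": "Managed"})


def triage_ropc_50126(upn, token_error_json, realm_json=None, mfa_enabled=False):
    """Return the likely causes of AADSTS50126 for a non-interactive (ROPC) sign-in.

    Hypothetical helper: the causes are the ones named in the answer above.
    """
    err = json.loads(token_error_json)
    codes = set(err.get("error_codes", []))
    # Fall back to the description when error_codes is absent.
    if 50126 not in codes and "AADSTS50126" not in err.get("error_description", ""):
        return ["not_aadsts50126"]

    domain = upn.rsplit("@", 1)[-1].lower()
    if domain.endswith(".onmicrosoft.com"):
        auth_type = "Managed"  # this domain always uses managed authentication
    elif realm_json is not None:
        auth_type = json.loads(realm_json).get("NameSpaceType", "Unknown")
    else:
        auth_type = "Unknown"

    causes = []
    if auth_type == "Federated":
        causes.append("federated_account")  # ROPC cannot follow the redirect to the IdP
    elif auth_type != "Managed":
        causes.append("auth_type_unknown")  # check the realm before blaming the password
    if mfa_enabled:
        causes.append("mfa_requires_interactive_login")
    return causes or ["check_username_and_password"]


if __name__ == "__main__":
    print(triage_ropc_50126("svc@contoso.example", SAMPLE_TOKEN_ERROR,
                            SAMPLE_REALM_FEDERATED, mfa_enabled=True))
```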