AADSTS50020: User account 'example@example.com' from identity provider 'live.com' does not exist in tenant 'Default Directory' and cannot access the application '' in that tenant.
Hello, I am trying to integrate sign-in with Azure-ad using Next Auth. I followed all of the instructions in https://next-auth.js.org/providers/azure-ad and created a new application with the signInAudience set to AzureADandPersonalMicrosoftAccount.…
Entra ID and Microsoft Accounts in CIAM Tenant
I'm a bit confused with how some of the Identity options work in the new CIAM External Identities tenant. Let's say I have some customers who want to access my applications using Local accounts (email), and others who want to authenticate using either…
Transition to role-based access control (RBAC) in Azure by 31 August 2024
I created an Azure Account for deployment and have a service Administrator role inside Home > My resource group > Access control (IAM) > Classic administrators, I am the only person using this account as an owner and do not have any…
AD B2C show standard error page when REST API returns 4xx
Hi, I'm calling a REST API from an orchestration step just using a TechnicalProfile, but not inside a ValidationTechnicalProfile block. <OrchestrationStep Order="6" Type="ClaimsExchange"> <ClaimsExchanges> …
B2C Custom Policy Translations for Required Fields on SignUp page Not Translatable
Hi Folks, Using Custom Policy for Signup process. We have translations for 9 languages and several required fields. However the translations are not working for required fields. What I get is "{field-type} is required" (screen shot below). On…
Does the session cookie generated using Microsoft Azure AD store any personal identifying information?
Hi, We use Azure AD authentication for MFA and SSO. We would like to know if the session cookie stores any personally identifying information?
How to jump to previous orchestration step
I am allowing users to sign in using multiple MFA options and want to persist the default selection. If the user has selected Phone / Email MFA options then on the next login user should be directed to Email or Phone MFA orchestration step, And MFA…
What is the relationship of guest users added to a SharePoint classic site through advanced permissions with regard to Guest Users in the Resource Tenant?
What is the relationship of guest users added to a SharePoint classic site through advanced permissions with regard to how they are associated with the tenant? Are these users B2B Collaborators or would they be considered B2B Direct? How does this work…
Validating Azure B2C Token Object ID for API Access to Corresponding Azure Storage Container
Hi, currently I have an API that allows users to send requests to an external Azure Function with the role of "Storage Blob Contributor" to upload and download files to my Azure Storage account's containers. Each container corresponds with a…
Methods for assigning users to subfolders in Azure Storage containers
Hi, currently my API's architecture consists of users logging in via B2C, then once they login to my API my Azure Function checks the user's B2C object ID. This object ID correlates with an Azure Storage container subfolder in a SQL database. The Azure…
Error AADSTS50011: The redirect URI
Hello, I'm using Azure Application Registration, with the Oauth Imap plugin. However, when I provide the user's access data and try to authenticate, the attached error appears. Now try the procedure in this article. But I can't enter Microsoft Login ID.…
Azure AD B2C - API Connector - 400 Bad Request: There was a problem processing your request. Please try again.
Hi, I'm getting a 400 - Bad Request with response body {"errorMessage":"There was a problem processing your request. Please try again.","httpStatus":"400","numberOfAttempts":1} 'before…
Web Redirect URIs for Azure AD B2C don't work when URI contains combination of subdomain and port.
When using Azure AD B2C to register a SAML\OpenID application, the Redirect URI attribute never seems to match when the URI contains a sub-domain and port number. Individually these work OK. This also doesn't affect regular Entra ID, only Azure AD…
How can I set up a callback URL of an open id identity provider?
I have an Open Id Provider set, but there is no field for the callback url of the provider. When I click on the authentication with the Open Id Provider, it is called the Open Id provider with a callback url that I did not configure, and after I log in…
AVD access for Entra External ID
Are there any plans to allow access to AVDs for Entra External IDs? We would like to allow SSO to AVDs for external users. Thanks
Corrupt Entra ID Tenant
I created an 'external' Entra ID tenancy but somehow it's now configured in an unmanageable state. This may be because of a combination of me configuring MFA and Visual Studio registering an App. The symptoms are as follows: When viewing the tenant…
User (Colleague) Invitation Login Failure for CIAM Directory: User invitation link return AADSTS500208: The domain is not a valid login domain for the account type
I am the global admin of our tenant and I created a new tenant directory for our app using Microsoft Entra ID for Customers. I'd like to add a colleague from our default tenant to administer the tenant directory of our app. What is the best way to do…
How to set SessionNotOnOrAfter attribute in Entra ID?
GitHub supports the SessionNotOnOrAfter attribute in the AuthnStatement…
Azure AD B2C User Account Recovery Code
We have set up Azure AD B2C login for our application. Currently we have set up custom policies for Signin Signup using TOTP MFA which is working fine. We want to implement a recovery code functionality using which user can download recovery code during…
Request for Assistance: "Need Admin Approval" Error
I am reaching out to seek assistance with an authentication issue that we are encountering when users attempt to access our application, which is registered in Azure Active Directory (Azure AD). Description of the Issue: When attempting to access…