18,454 questions
0
votes
0
answers
21
views
DefaultAzureCredential failed to retrieve a token from the included credentials
I am trying to follow this: https://learn.microsoft.com/en-us/azure/ai-foundry/agents/how-to/tools/code-interpreter?view=foundry-classic&pivots=csharp
I have (in my local Visual Studio Environment)...
- 150
Advice
0
votes
2
replies
34
views
How do I easily sync AWS Cognito members with Azure AD?
I have this Cognito group tied to its corresponding AD group, with lots of old members who don't even have access anymore because they were removed from AD. I'd really like to clean that up.
I think I ...
- 2,386
0
votes
1
answer
33
views
How to use `@azure/msal-browser` in SAP UI5 application with `ui5-tooling-modules`?
I am trying to integrate Microsoft Entra ID authentication in an SAP UI5 application using the @azure/msal-browser library. However, I am facing an issue where the module cannot be resolved when ...
- 34.4k
0
votes
1
answer
48
views
User notifications in Optimizely CMS 12 when using AAD SSO
Does anybody know if it is possible to use the User Notifications framework in Optimizely CMS 12 when also using single sign-on together with Azure AD? I want to implement something similar to what is ...
- 119
0
votes
0
answers
52
views
Unable to get webLink for Microsoft 365 Group messages using Microsoft Graph
If a user is added to a Microsoft 365 group, they receive new mails in their inbox,
but previous mails remain inside the group mailbox (visible in Outlook under Groups).
I want to search a work order ...
0
votes
0
answers
46
views
make Excel “Sign in with Organizational Account” work with Spring Boot API and Azure AD
I’m developing a Spring Boot API that serves data to Excel via the “Export to Excel” feature. I want Excel to authenticate with Azure AD before calling my API.
I’ve implemented a custom ...
0
votes
1
answer
70
views
PnPjs Library: Create Sharepoint site fails with HTTP 400 response
I'm trying to create a SharePoint site using PnPjs library, but it fails with an HTTP 400 error. Any idea what might be causing this?
Reference: Creating a modern team site with PnPjs
Library: @pnp/sp
...
- 3
0
votes
1
answer
49
views
Azure SqlMI with Managed Identity - Connection works when running locally but not from Azure VM
I am attempting to connect a .NET Core Winforms application to an Azure Sql Managed Instance using a user-assigned managed identity. The Managed Identity has been created and assigned to the Managed ...
- 33
0
votes
0
answers
111
views
How to include email in Microsoft Entra External ID Google Configuration AttributesCollectionSubmit payload
I currently have an azure Entra External ID tenant working with a signupsignin user flow for local account that collects a few user attributes: name, surname, country, displayname. I then use the ...
- 553
0
votes
1
answer
71
views
Azure function calling protected API using Azure AD App Registration (Client Credentials Flow not working) [closed]
I have an Azure AD App Registration where I've exposed an API scope called AppUser.
This scope is being used for authentication in my Web API project, and everything works fine when the API is called ...
0
votes
0
answers
47
views
Matrix Synapse Azure / Microsoft SSO: what kind of value is saved / Stored from a Azure user (not object-id)
we want to migrate our LDAP users to SSO from our #synapse #matrix server and we have already many users, which are using Microsoft SSO Login. Matrix Synapse uses Authlib and there is a table (...
1
vote
0
answers
79
views
CSOM code to connect to SharePoint Online via Azure Active Directory app throws 401 error
I am trying to use CSOM to upload files to SharePoint Online. I have created an application in the AzureAD/Entra ID portal and I have the following data.
ClientId or ApplicationId
TenantId
Secret ...
- 808
0
votes
0
answers
123
views
MSAL python OBO authorization flow gives error AADSTS90014: The required field 'iss' is missing from the credential
I have a SPA front-end and python function app back-end. I had originally been using managed functions via Azure Static Web Apps, but I was running into a lot of errors and ended up switching to a ...
0
votes
0
answers
29
views
Azure Communication Service: SMTP-gebruiker koppelen aan App Registration lukt niet (Unknown / Not applicable)
Ik probeer via Azure Communication Services (ACS) e-mails te verzenden vanuit een Laravel-applicatie via SMTP, maar ik loop tegen het volgende probleem aan:
Huidige situatie
Resource group bevat:
...
- 1
2
votes
1
answer
617
views
n8n Microsoft Graph OAuth2 login still fails after admin consent
I’m trying to connect n8n cloud Microsoft nodes (e.g., Teams, OneDrive, etc.) but I keep getting the error:
Need admin approval
I asked my admin to follow these steps in Microsoft Entra:
Go to ...
- 353
0
votes
1
answer
161
views
Get AD security groups in NGINX through OAuth2
I'm currently working on a project with multiple interconnected HTTP APIs and I'm adding authentication. The infrastructure I'm working with has a Azure Active Directory 2025 and an SSO accessed ...
0
votes
0
answers
66
views
Is there a way to clear the last user in microsoft multifactor authentication
So I have a flutter PWA that is used on shared iPads which all works except the Authentication. A requirement for the App is that the authentication is to be handled with
Microsoft OAuth and ...
0
votes
0
answers
261
views
How to grant an Azure Service Principal access to a specific SharePoint site (using Sites.Selected permission model)
I’m trying to connect Databricks with SharePoint and need an Azure Service Principal for the connectivity. I want to grant this Service Principal access to specific SharePoint sites, but I’m unable to ...
- 145
0
votes
0
answers
57
views
Do we need to create a custom class for OAUTH in kafka connect cluster to authenticate Confluent kafka connect from a custom managed kafka
We have Confluent Kafka Connect cluster,and Microsft Azure AKS where kafka connect runs,it need to be autheticated with conflunt managed kafka cluster using Azure managed Identity,(federated one)how ...
- 29
0
votes
0
answers
149
views
Unable to Test Multi-Tenant Azure Bot – Unauthorized Error
I am trying to create a multi-tenant Azure Bot. Since the old “multi-tenant” option for bots is no longer available, I instead created an App Registration with account type “Accounts in any ...
- 117
0
votes
1
answer
144
views
Azure App Registration cannot get token from another app
I created a new Azure App Registration (App1) and exposed as an API. The MS Graph API permission which it has is:
Application.ReadWrite.OwnedBy - Application (Admin consent granted)
GroupMember.Read....
- 578
0
votes
0
answers
76
views
MSAL javascript library, getting "client_id_aud_mismatch" error when trying to get access token
I'm using msal in an angular app inside an Outlook Add-in. Using IPublicClientApplication which gets initialized in the Office.onReady event like this:
import { createNestablePublicClientApplication, ...
- 136
0
votes
0
answers
86
views
InteractionRequiredAuthError: Application requested a user which does not exists
I'm using the following two modules to integrate Azure authentication into my application:
import { MsalAuthenticationTemplate, MsalProvider, useMsal, useAccount } from '@azure/msal-react';
import { ...
- 669
0
votes
0
answers
58
views
Issues with Azure DevOps Authentication During Domain Controller Failover
I am experiencing an issue with Azure DevOps (TFS) that impacts its ability to authenticate when one of our two domain controllers goes down. Here are the details:
Environment: Azure DevOps is ...
-1
votes
1
answer
120
views
Blazor Web App (.NET 9) InteractiveClient Mode: No Built-in Authentication/Authorization?
I'm building a Blazor web app using .NET 9 and targeting interactive client render mode (InteractiveWebAssembly) and authenticating with Entra ID (and using Entra ID roles for authorization). My goal ...
- 213
1
vote
1
answer
53
views
Unable to Modify Azure AD B2C Components Using Local Account
I created a local (email + password) account in my Azure AD B2C tenant, which successfully signs into my web application via user flows. However, this account cannot access or modify B2C components ...
- 15
0
votes
1
answer
133
views
Model Context Protocol - MSAL ArgumentNullException for keyChainServiceName (macOS) & attributeKey1 (Linux) with Microsoft.PowerPlatform.Dataverse.MCP
I'm trying to connect to Dataverse using the Microsoft.PowerPlatform.Dataverse.MCP local proxy tool as described in this official guide:
https://learn.microsoft.com/en-us/power-apps/maker/data-...
- 19
0
votes
1
answer
110
views
403 Forbidden Error when calling Invoke-GraphRequest
I have got the code below, its running with the context of an application account. Runs fine when it runs on the context of an interactive user when setting the following scopes.
$scopes = @(
&...
- 1,099
0
votes
1
answer
343
views
Unable to login to Dependency Track using Microsoft Entra ID (Azure AD) account [closed]
I have deployed the latest version of Dependency Track using Helm chart on my Kubernetes cluster and configured all the variables related to enabling authentication via OpenID connect for Microsoft ...
- 5,920
0
votes
1
answer
423
views
Issue: Logout Fails with "AADSTS90015: Requested query string is too long" Due to Large id_token_hint
I'm using Angular with OIDC authentication (via angular-oauth2-oidc) to authenticate users against Azure AD.
However, for users who are part of many Azure AD groups, the id_token_hint value is large ...
- 1
0
votes
0
answers
53
views
Authenticating a user in Swoogo who is signed in to our site via Entra SSO
We have a site that authenticates some users from a particular company with Entra SSO - OIDC.
The site then passes the user to Swoogo, ideally that company could add Swoogo as an app on Entra and we ...
- 2,859
2
votes
1
answer
222
views
Unable to Grant SharePoint Site Access via Graph API to App with Sites.Selected
I'm trying to use a Super App (with Sites.FullControl.All via client credentials) to grant SharePoint site access to another app (prod-sharepoint-integration) which has Sites.Selected.
Request:
POST ...
- 21
0
votes
1
answer
112
views
Resource not found for segment 'root:' in onedrive graph api
While uploading doc to one drive programatically, i use the path
"https://graph.microsoft.com/v1.0/users/%s/drive/root/%s:/[email protected]=rename"
for example for a ...
- 19
0
votes
1
answer
135
views
Azure ApplicationAccessPolicy not blocking access for certain users in Microsoft Graph API (application permission)
I am using an ApplicationAccessPolicy in Exchange Online to restrict an Azure AD application’s access to only one specific mailbox (my personal account).
The goal is for the application to only access ...
- 2,330
0
votes
1
answer
124
views
Passing temporary .NET Azure Credentials to a Container
I have created a .NET F# application that I want to build into a container. But am not sure how to pass development/test Azure credentials into the container.
I am trying to access an Azure Key Vault ...
- 15
0
votes
1
answer
237
views
Token V1 and V2 Postman inconsistencies
Doing tests before entering production, with Postman I have found some inconsistencies in the response of the tokens based on the request I am making.
If we have "requestedAccessTokenVersion"...
-1
votes
1
answer
81
views
Active Directory for Remote Users - Which option?
I need to implement an AD and GPO in the company. It is an education company, but since it is an e-learning platform, 80% of the employees work from home.
I saw Entra ID as a good option, the Office ...
0
votes
1
answer
152
views
How to get tokens for custom API and Microsoft Graph using angular-oauth2-oidc with separate configurations
I'm using angular-oauth2-oidc in my Angular application (Angular v18) to authenticate against Microsoft Entra ID (login.microsoftonline.com).
My primary goal is to get an access_token for my backend ...
- 7,812
0
votes
1
answer
104
views
AddKey to Enterprise Application using Azure Microsoft API
Attempting to AddKey to an Enterprise Application is resulting in a 403 (Forbidden) response:
Forbidden - 403 - Either the signed-in user does not have sufficient privileges, or you need to consent ...
- 27
-3
votes
1
answer
399
views
Bitbucket + SSO requires authentication every time now, how do I get it to remember the details?
I have checked out 10 bitbucket projects on my old laptop, and used them for years with intellij and git bash without having to authenticate when I pull/push etc.
I copied my dev folder to a new ...
- 12.8k
0
votes
2
answers
276
views
ASP.NET Core Web API on Azure App Service returns 401 Unauthorized when Easy Auth is set to "Require authentication"
I’ve deployed an ASP.NET Core 8 Web API to Azure App Service and I’m securing it using OAuth 2.0 Bearer tokens issued by Azure AD.
Setup:
App Service Authentication (Easy Auth) is enabled.
Identity ...
- 970
0
votes
1
answer
97
views
Is it possible to automate App Registration in the Azure portal using only a custom template?
I'm attempting to automate Azure App Registration using an ARM template with Azure CLI (AzureCLI) deployment scripts and also used powershell scripts. My goal is to create an app and extract its appId ...
- 1
3
votes
2
answers
641
views
Failed to create a Custom Authentication Extension (TokenIssuanceStart)
I'm trying to create a Custom Authentication Extension in an Entra External ID tenant.
I'm using a user with the Global Administrator role.
Following the official documentation, the Azure Portal (...
- 566
-2
votes
1
answer
2k
views
Error Code: 399287 Request Id: ff4d3486-2140-41e3-ab6f-f41ccaf70e00 Correlation Id: 7a5231f9-ec77-4ddb-be2e-67df124beda3 Timestamp: 2025-05-
Body
I'm encountering two separate but possibly related issues during user authentication with Microsoft Entra ID (Azure AD) using the OAuth 2.0 Password Grant flow.
Error: AADSTS900144 — Missing ...
0
votes
1
answer
159
views
restrict access to redis console in Azure
Im trying to restric the access to a specific group into the redis console in Azure, I thought about doing so by removing the group from IAM.
Example:
Group name: myDevTeamK500
IAM: check levels
if ...
- 910
0
votes
1
answer
116
views
Payload structure for Microsoft entra custom directory roles
I'm attempting to create custom directory roles in Entra using the Graph API, but I'm encountering several errors related to the payload. I need to know the correct payload structure to use
0
votes
1
answer
130
views
How can I securely verify the source of a webhook call in Azure Automation Runbooks?
I'm working on automating workflows where an Azure Automation Runbook is triggered via a webhook. The call originates from a GitHub Actions workflow, which is itself triggered by a HALO ITSM platform.
...
-1
votes
1
answer
282
views
How to get last login date & time for the logged in user in azure ad?
I'm using Azure AD for authentication in a React.js application. I need to retrieve the last login time of the currently logged-in user and store it in the database for use on the user management page....
- 669
1
vote
1
answer
280
views
AADSTS700226: Only MSI tokens may be used as Federated Identity Credentials for AAD issuer
Looking for guidance from Microsoft Entra ID experts. I am trying to test the following scenario:
Get a token from one Azure Tenant (T1) using client credential flow, but for token exchange scope. I ...
- 595
0
votes
1
answer
127
views
CSOM "Access Denied" when creating SharePoint modern page with app-only context
I'm using SharePoint CSOM in an Azure Function (App-only context) to create a modern page in the SitePages library of a SharePoint Online site.
The App Registration has the following application ...
