Locked myself out of Entra ID domain, cannot remove Federation (Google as IdP)

Ammar Aganovic 60 Reputation points
2023-12-12T22:26:02.09+00:00

Hi!

In the process of trying to set up Google as IdP and Azure as SP, I ended up breaking something and now no one from the domain can log in ;(.

When trying to log in to MS services, users enter their username and are then greeted with "Choose a way to sign in" and no options whatsoever.

In order to run any of the relevant federation PowerShell commands, I need to be logged in as the domain Global Admin, but that fails as mentioned above.

I am logged in to the Azure Portal, but I see no trace of any Google IdP I could remove manually.

I can log in using other domains, but that doesn't give me scope beyond the logged-in domain.

I might try to run "Remove-MgDomainFederationConfiguration" but it requires "InternalDomainFederationId" which I don't know where to find in Azure Portal. The command probably wouldn't run anyway, due to wrong domain of the logged in user.

Any idea how to fix it?


Accepted answer
  1. Sandeep G-MSFT 16,361 Reputation points Microsoft Employee
    2023-12-14T04:13:24.9066667+00:00

    @Ammar Aganovic

    I'm glad that the support team was able to resolve your issue, and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "[The question author cannot accept their own answer. They can only accept answers by others](https://docs.microsoft.com/en-us/answers/support/accepted-answers#why-only-one-accepted-answer)", I'll repost your solution in case you'd like to "[Accept](https://docs.microsoft.com/en-us/answers/support/accepted-answers#accepted-answer-in-a-question-thread)" the answer.

    Solution:

    Had to run the command below to resolve the issue.

    Update-MgDomain -DomainId <domain name> -AuthenticationType "Managed"

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

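Worked example, added here and not part of any answer in the thread: a Microsoft Graph PowerShell session that inspects the domain's federation settings, shows where the InternalDomainFederationId the question asks about comes from, and then applies the accepted answer's conversion back to managed authentication. It assumes the Microsoft.Graph module is installed, that some privileged account can still sign in (for example a break-glass account on the tenant's .onmicrosoft.com domain), and uses the placeholder domain contoso.com.

```powershell
# Added example (not from the thread). Placeholder domain; replace with the affected one.
$Domain = "contoso.com"

# Domain.ReadWrite.All is needed to read and change a domain's authentication settings.
Connect-MgGraph -Scopes "Domain.ReadWrite.All"

# 1. Record the current state. A domain broken by a bad IdP setup shows
#    AuthenticationType = Federated, which is why password sign-in is no longer offered.
$before = Get-MgDomain -DomainId $Domain
"Before: $($before.Id) AuthenticationType=$($before.AuthenticationType) IsVerified=$($before.IsVerified)"

# 2. The federation configuration is not visible in the portal; its Id is the
#    InternalDomainFederationId that Remove-MgDomainFederationConfiguration expects.
foreach ($fed in Get-MgDomainFederationConfiguration -DomainId $Domain) {
    "InternalDomainFederationId: $($fed.Id)"
    "  IssuerUri:        $($fed.IssuerUri)"
    "  PassiveSignInUri: $($fed.PassiveSignInUri)"
}

# 3. Return the domain to Managed so Entra ID authenticates users itself.
#    This is the accepted answer's command; it does not need the federation Id.
Update-MgDomain -DomainId $Domain -AuthenticationType "Managed"

# 4. Verify the change before telling users to try again.
$after = Get-MgDomain -DomainId $Domain
"After:  $($after.Id) AuthenticationType=$($after.AuthenticationType)"
if ($after.AuthenticationType -ne "Managed") {
    throw "Domain '$Domain' is still federated; check the domain name and the signed-in account's permissions."
}
```

Users who only ever authenticated through the external IdP have no usable cloud password after the switch, so expect to reset passwords (or rely on password hash sync, if it was in place) before sign-in works for them.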

2 additional answers

Sort by: Most helpful
  1. Andy David - MVP 144.4K Reputation points MVP
    2023-12-12T22:29:35.2733333+00:00

  2. Sandeep G-MSFT 16,361 Reputation points Microsoft Employee
    2023-12-13T11:22:25.74+00:00

    @Ammar Aganovic

    Thank you for posting this in Microsoft Q&A.

    As I understand, you tried to federate Azure AD with Google IdP. Something went wrong and now you are unable to log in to the Azure portal.

    You want to revert the federation and get the Azure AD domain back to managed where Azure AD will authenticate the user.

    In this situation, since you do not have access to the admin credentials to run the command and you do not know the "InternalDomainFederationId", you can reach out to our support team. You can look at the article below to get support numbers depending on your country.

    https://support.microsoft.com/en-us/topic/global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2

    or create a ticket through a different account: https://video2.skills-academy.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support

    Create a ticket with the Microsoft support team. Give them the tenant ID that is locked out, as in your description. Tell them that no admin account has access anymore and that your partners also have no access anymore.

    Once you create a ticket with the support team, you will have to work with our data protection team. You will first have to prove your identity against your tenant for security purposes. After that, this team will help you get access to your tenant or unlock your account, depending on your scenario.

    Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account helps prevent you from being accidentally locked out of your Azure Active Directory (Azure AD) organization when you can't sign in for any reason.

    https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.