Azure B2C - Maintain a login session and manage access tokens in a SPA (React)
Hi 1) We are using Azure B2C to manage external users' sign in, sign up, password reset, MFA for a single page app. Currently we are using MSAL 2.2.0 (tried 2.4.1 as well) to log in the user using the msal.loginredirect flow. Once the user is logged in,…
Enterprise Applications vs All Applications
I think I understand the difference. But here is one scenario I don't get. Let's say Tenant-Blue has BlueApp, clientID is "blue". Now I go to Tenant-Yellow and search for "BlueApp". (It was rumored that an admin of Tenant-Yellow…
MFA setup not going through.
Verify your identity Sorry, we're having trouble verifying your account. Please try again. View details The call to verify option isn't responding too. Then, the troubleshooting information shows this; If you contact your administrator, send this…
Location mapped to IP in MCAS (Microsoft Cloud App Security) is different from Azure AD Sign-ins
I've seen several instances where the location mapped to IP in MCAS (Microsoft Cloud App Security) is different from Azure AD. For example, MCAS mapped IP 185.247.70.52 to Romania and Azure AD mapped location to Dallas, TX. This triggered false positive…
Azure Active Directory Domain Services with a file server
Hey Everyone, I have used Azure Active Directory Domain Services with Azure file shares but never before with an actual file server. I know I can attach the new file server VM to the Azure Active Directory Domain Services domain, but can I set up…
Where can I download my MFA recovery token codes?
Greetings, When activating TOTP on my account, there was no link to download my recovery tokens (as codes). Searching through my profile and official documentation, nothing to be found. It means that, if my device is lost, or if the database…
Azure Active Directory Domain Services (AADDS) - Replica Sets preview duration
I have a need to enable AADDS Replica Sets, which is currently in preview. I am having a hard time figuring out how long this preview will last and whether we should use this or not. I know that guessing at Preview duration is a fool's errand, but I…
Looking for a Python/Django/Django-REST-Framework library to verify access_token from Azure AD
This has been a real frustrating struggle for several days now and I need to get it wrapped up. So in my app, and how I understand this should work in all microservice applications, the flow is the following: User navigates to…
acquireTokenSilent() returns an access token signed by the wrong key
I have an SPA that uses MSAL (msal-browser@2.7.0) to authenticate against Azure AD B2C. I call loginRedirect() and everything works as expected. Once the redirect comes back, I save the account information in handleRedirectPromise() and then use…
How is the sub claim in the userinfo OpenID endpoint established?
Hi, When I register an app in AAD, and then perform an OAuth2 / OpenID authentication, and then query the OpenID userinfo endpoint (https://graph.microsoft.com/oidc/userinfo) with the access_token, it returns a JSON like this: { …
Azure Active Directory - Logout ( Mendix )
We are trying to create a Single Sign On application using Azure Active Directory and Mendix. The SAML configuration is given below. We are able to log in with the Microsoft account but the actual problem comes when we tried to…
Input field "Who can consent?" is missing in edit/new pane of custom scope. "AD B2C"/"Exposed API"/"Add Scope":
If I edit/add a "scope" of an "exposed api", normally I have to choose between "Admin" or "User and Admin". The input field is missing, so I can just add an "Admin" scope. For me it looks like an…
Azure AD B2C using access token produced by password reset policy
I have a custom password reset policy in Azure B2C. Q1: is it possible to use the access token emitted by the policy in my FE application (MSAL.js v2)? Q2: is it possible to include the email address as a claim of the token produced by my policy?
MSAL - AcquireTokenInteractive - different user experience
I am performing an oauth flow for signing into EWS using MSAL (4.22) and AcquireTokenInteractive. This is working but it is offering a different and much less convenient sign-in experience from that in a 3rd party off-the-shelf tool that is also…
Enable Azure Security Defaults
I receive the following error when trying to enable Azure Security Defaults: "It looks like you have Identity Protection policies enabled. Enabling Identity Protection policies prevents you from enabling Security defaults." I have disabled…
Azure AD Users Fields Length
Hi, we would like to know the maximum number of characters allowed for the following fields of users in Azure Active Directory: UserName, Email Address, First Name, Last Name. Thanks, Subbu
While deploying MFA for users, why are users getting repeat password prompts in Outlook app?
My company is trying to implement text-based MFA for our users across our company. However, whenever I enable MFA for a user, then they proceed through registration and status updates to Enforced, Outlook desktop app starts freaking out and repeatedly…
Migrate Custom Domain Name from AAD with Self-Service Users
I haven't been able to find much information about this scenario so any help is appreciated. I want to migrate the custom domain on one tenant to a new tenant. Users have been created in our current tenant through self-service (creation type:…