How to fix: AADSTS500126: External ID token from issuer '{issuer}' failed signature verification. KeyID of token is '{keyid}'.
I am working on creating an external authentication method using the OpenID Connect flow. Now I am looking for the last step, where the generated id_token from the issuer needs to be verified by Microsoft Entra ID. However, I am getting the following error:…
SAML Authentication on multiple Service Principals (SPs) with only one login
Hi. I have two firewalls acting as proxies. Each firewall has different resources behind it. These firewalls are configured as SAML SPs and Azure as SAML IdP to get authentication with Microsoft credentials before accessing any resource behind the…
Access review in Azure is set to start tomorrow and it currently shows "Not started" with 0 users listed
I have created an access review in Azure, which is set to start tomorrow, and it currently shows "Not started" with 0 users listed. Why is this so? Is this expected behaviour?
Why do Entra ID SAML claim transformations work differently for different claims?
Scenario: In an Entra ID SAML-mediated SSO solution, I have to configure the identity provider to deliver a set of claims that all correspond to an email address. Depending on whether or not a specific extensionattribute contains a value (a set of…
I purchased the Standard Subscription, but it shows as Pay as You go. Been trying to fix for two weeks but all the chat robots do not work
I purchased the Standard Subscription, but it shows as Pay as You go. Been trying to fix for two weeks but all the chat robots do not work
I deleted xxx.onmicrosoft.com domain but I am unable to reuse it - it is still in use
Hello, I created a tenant xxx.onmicrosoft.com, but I selected a wrong country. I decided to create a new tenant with the name xxx2.onmicrosoft.com. I deleted all xxx.onmicrosoft.com users. I deleted the xxx.onmicrosoft.com domain. I waited 96 hours. I…
What is the cause of the following error - "getting assigned identities for pod <namespace>/<pod_name> in CREATED state failed after 20 attempts, retry duration [5]s", while connecting to IMDS endpoint from a pod in AKS.
I am trying to connect to Azure Key Vault via user assigned managed identity from a pod of AKS. I have provided the necessary RBAC role to the identity. I have created Azure Identity and Azure Identity Binding. I have updated my deployment with…
Not able to make IMAP & Graph APIs work
Hi, I am trying to connect to an Office 365 mailbox through IMAP. For this I am using @azure/msal-node, which is giving me an access token. When I decode that token at https://jwt.ms/, it gives me the following roles: "roles": [ …
Entra hybrid join
We are planning to Entra hybrid join devices. At present devices are domain join + Intune enrolled (Entra registered). We allowed 4 URLs for connectivity in firewall and proxy. We run test device regconnectivity.ps1 in test devices we are getting connectivity…
Guidance on how to use Service Principal with Certificate to Authorize for EventHub Stream Read
I found this documentation https://github.com/Azure/azure-event-hubs-spark/blob/master/docs/use-aad-authentication-to-connect-eventhubs.md online on how to use service principal with certificate to use spark stream read from EventHubs, I want to do this…
Azure AD B2C Custom Policy as a Federated Identity Provider in AWS Cognito User Pool
I have an Azure AD B2C Custom Policy defined with OpenId Connect. I have four custom claims added in the policy and they correctly appear in the response (id_token) of the policy when tested using the B2C Custom Policy 'Run Now' menu in Azure portal. I…
Troubleshooting Microsoft sign-in issue with OIDC flow for organization/school users
I'm trying to implement sign-in with Microsoft using the OIDC flow in my application. However, when I test with my work account or Microsoft account xxx@microsoft.com, I get error messages saying that the Microsoft account doesn't exist or that the…
Need help in migrating Apps from ADAL to MSAL
Hi Team, Could you please help me to check how an app is using ADAL from "app registration" form level? I was able to get list of apps using ADAL from Admin center. When I compared the app using ADAL along with a new app I just created, I couldn't…
REST API integration in Azure AD B2C Custom Policy
I am trying to call Token endpoint for B2C Custom policy. When verified through Postman, I am able to successfully call the endpoint. The parameters used in this Postman request are as seen in the attached image. I want to integrate this endpoint in my…
How to add a timeout system to my API Management Developer Portal?
I have an API Management developer portal (standard tier) that I want users to be timed out of after inactivity. I've been testing my developer portal and it seems that the user will stay signed in even if they do not interact with the webpage. I am…
Azure Key Vault Authentication failing from desktop application
I am trying to access Azure Key Vault from my Electron desktop application. My App is registered on Azure but I don't want to expose my app secret to create credentials and also my app isn't hosted on Azure, DefaultAzureCredential is not yielding desired…
Issues with updating Company Branding in Entra ID
Hello! We changed our company name last year and I have been attempting to update our Company Branding in Entra ID for a few months. I've followed all the directions…
Enforce Web Sign in for RDP client
Hi All, Is there a specific Group Policy Object (GPO) or Intune policy that will enforce the "User Authentication" checkbox setting in the RDP Client settings? We want to ensure that all administrators use Entra ID modern authentication for all…
Auto Labeling sensitive types
When creating a sensitive label, I want to use Full Name + All Physical Addresses, combined. The auto labeling will label the file when combined, but it will also label Full Names by itself, and the same with All Physical Addresses by itself. How can…
The ClusterRoleBinding aks-cluster-admin-binding includes the User clusterUser as a subject
Hello. On an RBAC & AzureRBAC enabled AKS cluster I have noticed that the cluster-admin ClusterRole is bound to two subjects through the aks-cluster-admin-binding ClusterRoleBinding: User/clusterAdmin, User/clusterUser. This is unexpected. As far as…