Hi @mohamed assem, this error occurs when the domain name in the TXT record does not match the domain name in the passive sign-in URI. To resolve this issue, you need to ensure that the domain name in the TXT record matches the domain name in the passive sign-in URI.
Here are the steps to follow:
- Check the passive sign-in URI of your external identity provider to see if the domain matches the target domain or a host within the target domain.
- If the passive sign-in URI is a host within the same domain, then no DNS changes are needed.
- If the passive sign-in URI is not within the same domain, then you need to add a TXT record to your domain's DNS records.
- The TXT record should have the following format:
  `Domain_name IN TXT DirectFedAuthUrl=passiveauthenticationURL`
  Replace `Domain_name` with your domain name and `passiveauthenticationURL` with the passive sign-in URI of your external identity provider.
- Wait for the DNS changes to propagate. This can take up to 24 hours.
- After the DNS changes have propagated, try configuring your external identity provider again.
Please let me know if you have any questions and I can help you further.
If this answer helps you, please mark "Accept Answer" so other users can reference it.
Thank you,
James
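
Added example, not part of the original answer: a Python sketch of the checks in the steps above, useful for verifying the DNS side before retrying the configuration. The function names, status strings and `.example` host names are hypothetical, the TXT strings are constructed sample data rather than live DNS answers, and comparing by host name is an assumption based on the answer describing a domain name mismatch.

```python
from urllib.parse import urlsplit

TXT_PREFIX = "DirectFedAuthUrl="  # key name taken from the record format above


def host_of(url):
    """Lower-cased host of a URL without a trailing dot; '' if there is none."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def within_domain(host, domain):
    """True if host is the domain itself or a host under it.

    The match is made on a label boundary, so sts.notcontoso.example is
    not treated as being inside contoso.example.
    """
    domain = domain.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)


def declared_urls(txt_records):
    """Extract the URL from each DirectFedAuthUrl= TXT string."""
    urls = []
    for record in txt_records:
        value = record.strip().strip('"')
        if value[:len(TXT_PREFIX)].lower() == TXT_PREFIX.lower():
            urls.append(value[len(TXT_PREFIX):])
    return urls


def check_federation_dns(domain, passive_uri, txt_records):
    """Return a status string for the domain / passive sign-in URI pair.

    txt_records holds the TXT strings already looked up for `domain`.
    """
    idp_host = host_of(passive_uri)
    if not idp_host:
        return "invalid-uri"      # no scheme or host in the passive URI
    if within_domain(idp_host, domain):
        return "no-dns-change"    # URI is the domain or a host within it
    urls = declared_urls(txt_records)
    if not urls:
        return "txt-missing"      # a TXT record has to be added
    if any(host_of(u) == idp_host for u in urls):
        return "txt-ok"
    return "txt-mismatch"         # the condition the answer says causes the error
```

Feed `txt_records` from whatever lookup tool you already use, and rerun the check after the propagation window when the result is `txt-missing` or `txt-mismatch`.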