1,173 questions with Active Directory Federation Services tags
How to migrate a Relying Party Trust in ADFS for Office 365 (EntraID) to a new Forest
We need to migrate ADFS (>5 years old) from an old AD forest to the new Forest. We use ADFS, among other things, for SSO with custom domains for EntraID. For federation and creating the relying party with EntraID (Office 365 / Microsoft 365) I used to…
Why does an Entra joined machine need the certificatemixed endpoint in ADFS?
According to this https://learn.microsoft.com/en-us/entra/identity/devices/device-join-plan#federated-environment in ADFS the certificatemixed endpoint needs to be enabled. An Entra joined machine does not have MFA during machine login and it uses only user…
Can we migrate unregistered Active Directory domains (.local) to Azure Entra ID?
I want to migrate a .local domain which is not registered to Azure Entra ID
Federation Service Error with Security Event 4625
I got a new ADFS service in Domain A and served forest trusted Domain B. The federation service gets hung frequently for Domain B only; the user logon process will roll back to the login page without any error message. Meanwhile, the federation service to…
AD FS Tracing/Debug Event 153 - None of the UPNs were successful for S4U Logon call
While trying to log in on the ADFS login page, the page gets refreshed and asks for login again (ADFS login loop). When I checked the event log in AD FS Tracing/Debug I am getting event 153 with message "None of the UPNs were successful for S4U Logon…
Unable to verify token signature. The signing key identifier does not match any valid registered keys.
Getting the below error for all new starters, and if we change the password on an old user they are not able to log in on O365. Sign-in error code 5000811 Failure reason Unable to verify token signature. The signing key identifier does not…
Do I need a verified domain to federate applications in Entra ID?
I'm trying to integrate an application with my tenant via SAML. It's one of the applications listed in Entra ID's application gallery. One of the steps required in the tutorial is to verify a domain in the application. As I'm not the owner of the…
How to Bulk Update Users Employee ID from an Excel File on Active Directory using PowerShell
Hi, Does anyone know how to use a script to add employee ID in Active Directory Server using Windows PowerShell? Please help me!!! Thanks
How to deal with Expired Inactive Certificate?
We are using Azure AD for SSO with AWS. We have multiple Enterprise applications showing the status as "Expires soon", "Expired Inactive Certificate" or "Expired". For the "Expired" one, we have selected the new…
Non-active directory users need authentication/SSO
Hi - I'm looking for a license type or service provided that satisfies the ability to have non-active directory employees (i.e. seasonal or temp employees) logging into an application via SSO. Is there a way to do this so that you do not have a full O365…
Custom Login without the Microsoft Login Popup
Hi, Our client has a SAP Commerce Cloud (hybris) B2B solution and the login page is currently integrated with another IDP provider. They want to migrate to Azure AD and, using the current login page, want to seamlessly allow the user to log in without the…
Is it possible to bypass the user details prompt for Azure B2C federated login for a first-time user?
When an AD user tries to log in through the federated login user flow into the application, then on login they are getting a user detail prompt page. We want to disable this flow for AD users. Team, can you please help me with this.
Please help us customize adfs\ls endpoint in ADFS 5.0
Good day! Currently we are using ADFS 2.0 which has a site hosted at adfs\ls in the same federation service. We customized the adfs\ls site and added a few of our own components. We are in the process of migrating from ADFS 2.0 to ADFS 5.0 and the same…
AADSTS51004: The user account it does not exist in the e8c002ec-e5f4-4a8f-a41b-ce101e0a1a51 directory. To sign into this application, the account must be added to the directory
Hello, I am writing concerning an issue that I am experiencing, specifically with Federated domains where the entity provider is Google Workspace and the service provider is MS 365 A1. Even though from Google I reauthorise automatic provisioning for…
Problem with AD Connect
I inherited a system that had been federated to Azure using ADConnect v1, then they deleted the server and connected loaded ADConnect v2 and synced the domain to this. The cert expired and that is when I learned they did not use Federated domain to load…
Bypass HDR at ADFS for case Azure B2C as SAML Identity Provider
I have set up per this article https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-adfs-saml?tabs=windows&pivots=b2c-custom-policy It is working but now I need to federate with another partner. Added this partner to Claims…
Does changing the email field on the on-prem field cause Legacy DN Value?
Hello, We have a hybrid environment with on-premises AD syncing to their Azure AD. We converted an on-prem user profile to External ID in Azure AD. As a result, the sending party is receiving an NDR whenever they try to send an e-mail to this converted…
About IE GPO policy
In Computer Policy GPO Management Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Intranet Zone Items within Allow websites to prompt for information using scripted windows - Prompt for information using…
SingleLogout privatekey and certificate
I am using Spring Security https://docs.spring.io/spring-security/reference/5.7/servlet/saml2/logout.html for implementing SAML single logout. I got my single logout flow to work by providing a dummy set of private and public key since it requires me to…
"The certificate doesn't have a private key error" in adfs diagnostic analyzer after updating adfs certificate.
I updated our ADFS Service Communications Certificate today. Everything seems fine and I'm seeing successful authentications, however when I run Microsoft's ADFS "Diagnostics Analyzer" I'm seeing a new error that states, "The certificate…