InvalidHardMatch error in 2000+ accounts because of excluded 'mail' attribute
Hello, we have around 1300 users in our on-premise AD which are sharing mail addresses. When I tried to synchronize these accounts to Azure, I got Duplicate Attribute error, of course. I can't change mail addresses for these accounts so I excluded 'mail'…
Alternative to advanced queries in Microsoft Graph API
Hello everyone, I am trying to import users from Entra ID using the Graph API. The import should be done by company, as there are multiple companies in the Tenant. A request like this is working fine (I have tried) :…
Handling refresh tokens in Azure (Microsoft Graph) delegation flow
I am working on a project where I need to create events in users' Outlook calendars. The requirement is that job inspection dates should be added to the calendar of relevant users. Additionally, users should have the ability to manually create events on…
Can an SSO account alone be created first, and the work email account created afterwards?
Hi Experts, we have a requirement that when a new employee is given an offer from our company, we want them to log in to our application and complete their pre-boarding tasks. At this point, we don't want to create a work email address for them. We just want…
Entra Private Access no data sent
Hi, we are using Entra Private Access. It has been working fine, but now the logs from Entra show no sent data. Clients and connectors are green with no sign of problems. The problem is not related to conditional access (tried turning it off). Tried…
What is the default and maximum page size for Directory Role APIs?
I'm trying to integrate Directory Role API with another service. Example: List Directory Roles Ref: Optional Query Param If $top is not supported with this API using, What is the default behavior from the server side for Directory Role API? Is it…
Updating guest account on Azure AD
Team, we have a few guest accounts already created in the environment, but the first name and last name are not stamped on the guest accounts. Can you help me with a PS script that helps us update the last name and first name of already existing guest accounts in Azure AD that…
AD Connect Server behind NAT
Dear all, we have a parent entity "msg.local" which currently has the AD Connect Server deployed. We have a child entity "Det.local" which has the user/computer object. We would like to sync the det.local objects via AD Connect…
Enterprise App X.509 certificate expiring time
I authenticate a web app that uses SAML auth with an X.509 certificate from an Azure Enterprise App. It works perfectly, but the cert expires after a few weeks. How can I change the expiration time?
Unable to activate Entra ID P2 License
When I tried to activate the Entra ID P2 License, it wants me to create a new account. I don't know why it wants me to do this; I already have an Azure account.
Authorized client application, but user is still asked for consent
Under my app registration, I went to "Expose an API" and added the ID for my client application to "Authorized client applications". However, when I go to request an access token from my client application, I'm still asked for user…
How can I exclude the Salesforce Chrome extension from conditional access app control policies?
I'm testing Salesforce app monitoring using MCASB session control policies. To redirect Salesforce app access to MCASB, I created conditional access policies with conditional access app control. The Salesforce team is using a Chrome extension that stop…
Entra External ID AttributeCollectionSubmit does not include ObjectId
I registered a custom authentication extension in Entra External Id that will call my api during user signup with the AttributeCollectionSubmit event type. I would like to register this user in my external database during this call. However, the user…
Client Credentials Flow | How to read azp (application id) value and use it to get application name in Client Credentials flow?
Hi Team, We are generating a token with Client Credentials flow and custom policy. We get application id as "azp" in the token. We also need application name in the token. Is there any direct way to configure B2C custom policy to get…
Razor WebApp & Azure Active Directory SSO Redirect Non tenant users
I have connected my Razor web app with AAD SSO, which works and performs as expected. However, when a user who is not part of the AAD tenant tries to log in, it defaults to the basic error page, which then shows the tenant's name, appid etc. How am I able…
How to let a user from a Microsoft Entra organization sign into a B2C transparently?
Hello, I have followed this link to enable users from an Entra ID to sign into our B2C. However, the user is still required to create an account in our B2C manually (see screenshot). How do I set it up so the B2C account is created automatically, or at…
What URLs need to be excluded for Cisco AnyConnect always on VPN for SSO?
The goal is to implement always on VPN but we also need to use Azure SSO to verify identity. Someone over on Meraki community suggested that we add login.microsoftonline.com and login.live.com to the allowed hosts list in the profile, which we've done…
ERROR CODE 43881 Trying to activate the free P2 trial.
I'm getting ERROR CODE 43881 trying to activate the free P2 trial. How can I fix it?
How can I join a Windows device to Azure AD (Entra ID) through the command or Win API?
Hi, I need some help. So far, I've joined the device to my work or school network by following the link below and found my device in the Microsoft Entra Admin…
How to get email address from Azure SSO JWT?
Hi, we are implementing a One Outlook plugin, but we have a security concern in the authentication. Referring to https://learn.microsoft.com/en-us/office/dev/add-ins/develop/sso-in-office-add-ins using Azure SSO we managed to get the JWT. From the JWT, we…