I have a test AzureAD which was federated with a PingFederate instance. This was working for a while, and I tried logging into it with a test user today after several months, but I am getting a strange error.
The flow starts from login.microsoftonline.com, which (after domain discovery) redirects you to PingFederate for login. PingFederate performs user validation and sends the SAML response correctly back to Azure (Subject is the objectGUID, UPN is the userPrincipalName and ImmutableID is the objectGUID).
The user exists and the ImmutableID matches the ObjectGUID. See below:
I have removed federation, deleted the federated users (permanently), re-federated and re-synced the users but no luck. I have also created a new user in AD for federation and that also comes up with the same error.
I've also tried manually changing the ImmutableID with Set-MsolUser but didn't make a difference.
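A diagnostic that helps with the ImmutableID question raised above, added here as an example and not part of the original post: it pulls the objectGUID from on-prem AD, encodes it the way Azure AD Connect does by default (Base64 of the GUID's 16 raw bytes; this convention is an assumption of the script, not something the post states), and compares it with the ImmutableId that Azure AD actually holds for the same UPN. The UPN parameter is a placeholder, and the script assumes the ActiveDirectory and MSOnline modules are installed.

```powershell
# Added diagnostic (not from the original post): compare the on-prem objectGUID
# with the ImmutableId Azure AD stores for the same user.
# Assumption: ImmutableId is the Base64 encoding of the objectGUID's raw bytes
# (the Azure AD Connect default). Requires the ActiveDirectory and MSOnline modules.
param(
    [Parameter(Mandatory = $true)]
    [string]$UserPrincipalName   # placeholder, e.g. test.user@example.com
)

Import-Module ActiveDirectory
Import-Module MSOnline
Connect-MsolService

# On-prem side: objectGUID -> Base64 of its 16 raw bytes (the expected ImmutableId)
$adUser = Get-ADUser -Filter "UserPrincipalName -eq '$UserPrincipalName'" -Properties ObjectGUID
if (-not $adUser) { throw "No AD user found with UPN $UserPrincipalName" }
$expectedImmutableId = [Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())

# Cloud side: the value Azure AD actually holds
$msolUser = Get-MsolUser -UserPrincipalName $UserPrincipalName
$actualImmutableId = $msolUser.ImmutableId

# Decode the cloud value back to a GUID so a mismatch is readable at a glance
$decodedGuid = $null
if ($actualImmutableId) {
    $decodedGuid = [Guid]::new([Convert]::FromBase64String($actualImmutableId))
}

[PSCustomObject]@{
    UPN                 = $UserPrincipalName
    AdObjectGuid        = $adUser.ObjectGUID
    ExpectedImmutableId = $expectedImmutableId
    ActualImmutableId   = $actualImmutableId
    DecodedGuid         = $decodedGuid
    Match               = ($expectedImmutableId -eq $actualImmutableId)
}
```

If `Match` is true, the stored ImmutableId is not the problem and the next thing to compare is the NameID value PingFederate puts in the SAML Subject, since Azure AD expects it to equal the ImmutableId byte for byte (including Base64 padding and case); if `Match` is false, `DecodedGuid` shows which object the cloud value currently points at.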