
BryanPowell-2926 asked ·

Azure Active Directory Access for Windows Admin Center not working

We registered our locally hosted Windows Admin Center Gateway (Server 2019, Admin Center Version 2009/Build 1.2.2009.21002) without issue. We then flipped on the option to add "Use Azure Active Directory to add a layer of security to the gateway". All pertinent users have been assigned the application in Azure AD/Enterprise Apps. However, we are seeing 2 issues:

  1. Most users are not being prompted to sign into Azure AD. Some are, but it is not consistent as to who is or is not prompted. I am aware the Azure login is a supplemental prompt for access.

  2. For those prompted, when attempting to sign in, they are met with an error the app "...needs permission to access resources in your organization only an admin can grant." This also affects when attempting to sign in to Azure in the Windows Admin Center control panel. I double-checked the settings and they looked correct, specifically Manual Azure AD app configuration.

On paper this configuration seems straightforward, but it is not working. Does anyone have any ideas on what I am missing?


azure-ad-graph windows-server-management

Hi @BryanPowell-2926 , we are investigating your issue and will update you shortly.

Best,
James

  1. Your problem is that some users are not asked to provide credentials since SSO works for them, while others aren't because they don't have the right cookies. Once they log in successfully the SSO should start working. More on this here: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on

  2. Please share a screenshot of the exact error that you are getting. Do these users have the right permission to view the resources that you are trying to access? How different are they from the ones that are able to log in?


0 Answers