shashanksaxena-6941 asked shashishailaj answered

Not able to understand Sign-in logs error in Azure AD

Hello All,

Hope you are doing well.

Some of my users are getting the below Sign-in error:




This is not an error scenario, but is handled like one by Azure AD to handle certain authentication flows. This is not an indication that anything went wrong.



and over the internet, there is no justification given and the error code for this error might be 16000. Can anyone suggest the resolution?

Regards,


azure-ad-user-management, azure-ad-single-sign-on, azure-ad-sign-in-logs

1 Answer

shashishailaj answered

@shashanksaxena-6941,
There could be a few reasons for this error. If the user has signed on to the application using different identities, this is an interrupt which will show you all the valid SSO logons available. As per the AAD error codes article, the following are the details.

  • AADSTS16000 SelectUserAccount - This is an interrupt thrown by Azure AD, which results in UI that allows the user to select from among multiple valid SSO sessions. This error is fairly common and may be returned to the application if prompt=none is specified.

While logging on to the application, in the authorization URL the prompt parameter can have a value as login_hint, which can resolve to the userprincipalname of the user. You can set up the application to prefill the same if it's already known. If prompt=login_hint is added to the authorization URL, you can avoid this error. It may be possible that your application was designed earlier with the ADAL library, which is being deprecated now, will only receive security updates, and will be completely phased out by June 2022. Old applications which were designed with the Azure AD ADAL library generally would pass the parameter prompt=none. I would request you to check with your application developer to get the application updated with the new MSAL library, which will be the one that will receive updates going further. The ADAL library will only receive security updates now.

Please check the article Migrate applications to the Microsoft Authentication Library (MSAL) for migrating the application to the newer and better authentication library called MSAL. In case you are not a developer of the application, you may need to contact someone from the team that developed the application. If the information is helpful, please do accept this post as answer so that it will help others in the community. In case you still have any further queries, please let me know and I will be happy to help further.


Thank you.



Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
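An added example, not part of the original answer and not Microsoft's code: a triage pass over exported sign-in log records that separates the AADSTS16000 interrupt discussed above from real failures, and flags interrupts that were not followed by a successful sign-in for the same user and application. Field names follow the Microsoft Graph signIn resource; the sample records, the five-minute window and the function names are assumptions.

```python
import json
from collections import Counter
from datetime import datetime, timedelta

# Only 16000 (SelectUserAccount) comes from the thread; extend the set yourself.
INTERRUPT_CODES = {16000}
FOLLOW_UP = timedelta(minutes=5)  # assumed window for the sign-in to complete

# Constructed sample records; all users, apps and times are made up.
SAMPLE = json.loads("""[
 {"createdDateTime":"2021-03-01T09:00:00Z","userPrincipalName":"alice@contoso.example","appDisplayName":"LegacyPortal","status":{"errorCode":16000}},
 {"createdDateTime":"2021-03-01T09:00:20Z","userPrincipalName":"alice@contoso.example","appDisplayName":"LegacyPortal","status":{"errorCode":0}},
 {"createdDateTime":"2021-03-01T09:05:00Z","userPrincipalName":"bob@contoso.example","appDisplayName":"LegacyPortal","status":{"errorCode":16000}},
 {"createdDateTime":"2021-03-01T09:07:00Z","userPrincipalName":"carol@contoso.example","appDisplayName":"HR App","status":{"errorCode":50126}}
]""")

def _when(rec):
    return datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))

def _key(rec):
    return (rec["userPrincipalName"].lower(), rec["appDisplayName"])

def classify(rec):
    """errorCode 0 is success; listed codes are interrupts; the rest are failures."""
    code = int(rec["status"]["errorCode"])
    if code == 0:
        return "success"
    return "interrupt" if code in INTERRUPT_CODES else "failure"

def triage(records):
    """Return (interrupts per app, interrupts with no later success, failures)."""
    successes = [r for r in records if classify(r) == "success"]
    per_app, unresolved, failures = Counter(), [], []
    for rec in records:
        kind = classify(rec)
        if kind == "failure":
            failures.append(rec)
        elif kind == "interrupt":
            per_app[rec["appDisplayName"]] += 1
            done = any(_key(s) == _key(rec) and
                       timedelta(0) <= _when(s) - _when(rec) <= FOLLOW_UP
                       for s in successes)
            if not done:
                unresolved.append(rec)
    return per_app, unresolved, failures

if __name__ == "__main__":
    per_app, unresolved, failures = triage(SAMPLE)
    print("interrupts per app:", dict(per_app))
    print("no success after interrupt:", [r["userPrincipalName"] for r in unresolved])
    print("real failures:", [(r["userPrincipalName"], r["status"]["errorCode"]) for r in failures])
```

The per-application count shows which applications trigger the interrupt most often, which is where to start the conversation with the application's developers.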


