I am using auth0 to perform SSO for Microsoft Outlook. When I click on button it gives error like
Microsoft account.
Please help.
Can you provide a URL for the tutorial/document you followed to set this up, and a .HAR file of the full login transaction?
Make sure to remove any password from the .HAR file before submitting.
@nicolas_sabena
Here is the link for the steps that I have followed.
https://auth0.com/docs/connections/social/microsoft-account
login.live.com.har (87.0 KB)
I am also facing same issue. I registered my app to apps.dev.microsoft.com and note down app id and secret id. Then I create app in auth0 and visit connection and social and enable microsoft and provide app id and secret id and click on try button and getting same error. Any help?
This error will show up if you didnât register the callback URL (as mentioned in https://auth0.com/docs/connections/social/microsoft-account#4-enter-your-callback-url).
In @chetanmore14 case, it should be https://kandarp1993.auth0.com/login/callback.
Can you double-check this?
@nicolas_sabena
Thank you for your help. It worked out. Login is working but does not ask for user permission to read their profile. When I try from Connection â Social and try button on Microsoft, it will ask for permission. In my code, I have added audience and scope as well. Still does not ask.
You should get asked only once for the whole Auth0 tenant, as Microsoft (or any other social provider) sees your Auth0 tenant (and not individual applications defined in the tenant) as the âclientâ in the conversation.
The âTryâ button includes a special parameter (prompt=consent) that forces the consent prompt on most identity providers (not all), but the experience from individual authentication requests coming from applications will be as described above: consent will happen only once per user in the tenant.
1 Like
@nicolas_sabena
I have implemented SSO for office and it works fine with personal account. But if I try with company account which has company domain name, it says account not found. Does it have to do with office account privileges
or do I have to do anything in auth0 application?
Hi @kandarprakeshbhai
The Windows Live / Microsoft Account social connection is only good for social (individual) identities (those managed through account.live.com). For company accounts in Azure AD directories youâll need to configure an Azure AD-type enterprise connection.
I have setup the app now. When I login using regular ID which I used to create Azure account, it says Authorization Success. But when I use company ID, it throws error like
{âerrorâ:âaccess_deniedâ,âerror_descriptionâ:âAADSTS50020: User account âXXXâ from identity provider âhttps://sts.windows.net/5a6794c3-49ae-4a77-83ab-74c59d6569e4/â does not exist in tenant âDefault Directoryâ and cannot access the application â62835020-357c-4daf-bd94-3681fa33ed92â in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.\r\nTrace ID: 54f4d5f4-86f4-4029-831b-16f2c1005f00\r\nCorrelation ID: 09c2514b-133a-4df9-86fd-0fb68c9f0ba2\r\nTimestamp: 2018-12-10 17:18:04Zâ}
I have also enabled multiple tenant option ON.
How is the Azure AD connection configured? What is the domain used? Is it using the âcommon endpointâ or not?
Are you trying to log in using the same domain as the one defined for the connection, or using a different domain?
Did you enable multi-tenancy on the Azure AD site? Is your intention to allow users from outside directories to log in through this connection?
@nicolas_sabena
I have resolved the issue but have another doubt. After login successfully using work email id, I want to fetch contacts. I have end point url to do so but need access token. So how can I get that token?
@kandarprakeshbhai I am facing the same issue. It would be helpful to know how you fixed this. I appreciate your help.