I have come across an issue where a 22R2 environment is inaccessible when SSO is configured.
I’ve checked the Azure SSO application, and the user directory ID is set to the correct email as well.
However, when trying to log in to the environment, the error below appears.
I have tried configuring multiple Azure applications, but the issue still persists.
Hi @Sasanka,
Check whether the user has the necessary permissions to run the application. Make sure that the foundation end-user permissions, such as FND_WEB_END_USER, are granted to the user.
If the default IdP is enabled, check whether the user is able to log in to the application using the default IdP.
Thanks,
Kasun
Hi @Kasun Balasooriya , Thank you for the reply.
Yes, the necessary permissions are granted to the user.
BR,
Sasanka.
Hi Sasanka,
It shows that the directory ID is invalid. In Azure, what looks like an email address is likely the UPN. If you check the Azure user properties, the email field is probably blank. Can you please try setting the user's email as well?
You can map the UPN to the email instead. In Azure, please be sure to enable the "upn" claim in "Token configuration" for the app registration. Then in IFS Cloud, open IdP Attribute Mappers and add Name: upn and Claim: upn.
Also please be sure to use a new incognito window when trying the login.
Please let us know whether either option works for you. Best regards -- Ben
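The two options above both come down to which claim the Azure ID token actually carries: a user with a blank mail attribute gets no "email" claim, so a mapper keyed on email resolves to nothing while "upn" is present. The helper below is an added example, not part of this thread or of IFS Cloud; it decodes the payload of a token (without verifying the signature, which is fine for inspection only) and reports which of the candidate claims a mapper could key on. The claim names are the standard Azure AD ones; the tokens, user names and tenant values are constructed for the example.

```python
import base64
import json

# Claims an IdP attribute mapper could key on, in the order a mapper that
# prefers email and falls back to UPN would try them (assumed generic names,
# not an IFS Cloud configuration).
CANDIDATE_CLAIMS = ("email", "upn", "preferred_username")


def b64url_decode(segment: str) -> bytes:
    """Base64url decode a JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS without verifying it.

    Use only to inspect what the IdP sends; never trust unverified claims
    for authentication or authorisation decisions.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def resolve_identity_claim(claims: dict, candidates=CANDIDATE_CLAIMS):
    """Pick the first candidate claim that is present and non-empty.

    Returns (claim_name, value) or None when none of the candidates exist,
    which is the situation behind an 'invalid directory ID' style failure.
    """
    for name in candidates:
        value = claims.get(name)
        if isinstance(value, str) and value.strip():
            return name, value
    return None


def claim_report(token: str) -> dict:
    """Map every candidate claim to its value (or None) for quick review."""
    claims = decode_jwt_claims(token)
    return {name: claims.get(name) for name in CANDIDATE_CLAIMS}


def make_unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned (alg none) token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")

    header = {"alg": "none", "typ": "JWT"}
    return f"{enc(header)}.{enc(payload)}."


# Constructed sample tokens (not real Azure output):
# 1) user whose Azure mail attribute is blank, so only the UPN claim is issued
TOKEN_UPN_ONLY = make_unsigned_token({
    "iss": "https://login.microsoftonline.com/example-tenant/v2.0",
    "sub": "constructed-subject-1",
    "upn": "sasanka@example.com",
    "name": "Example User",
})
# 2) user with the mail attribute set, so the email claim is present as well
TOKEN_WITH_EMAIL = make_unsigned_token({
    "iss": "https://login.microsoftonline.com/example-tenant/v2.0",
    "sub": "constructed-subject-2",
    "email": "sasanka@example.com",
    "upn": "sasanka_example.com#EXT#@example.onmicrosoft.com",
})

if __name__ == "__main__":
    for label, token in (("upn only", TOKEN_UPN_ONLY), ("with email", TOKEN_WITH_EMAIL)):
        print(label, claim_report(token), "->", resolve_identity_claim(token and decode_jwt_claims(token)))
```

To use it against a real login, paste the id_token captured from the browser (for example from the SSO response in the network tab of a fresh incognito window) into `claim_report`; if "email" is None but "upn" is populated, either set the user's mail attribute in Azure or add the upn mapper as described above. Note the second constructed token shows why the fallback order matters for guest users: their UPN is a mangled #EXT# value, so a mapper keyed on upn would match the wrong thing where an email claim exists.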
Hi @Ben Monroe , Thank you for the response.
I’ve tried the mentioned steps, and now the error saying the Directory ID is invalid does not pop up; instead, I am now getting the following ones.
Necessary permissions are granted to the user as well.
BR,
Sasanka.
Hi Sasanka,
In your Azure portal, navigate to your App registrations / API permissions. Ensure that the Microsoft Graph permissions email, openid, profile, and User.Read are added. Also ensure that the Status for each is "Granted for <...>". If any are not, then click "Grant admin consent for <...>".
Also, please log in to your IFS Cloud instance with a local admin user and check IAM User Details. If any of the IAM Users have a random GUID for their Username, it is probably garbage from before SSO was working. Remove the entry. Then try to log in again in a new incognito window.