Question

IFS CLOUD 22R2 SSO Not Working

  • 22 January 2024
  • 5 replies
  • 102 views


I have come across an issue where 22R2 is inaccessible when SSO is configured.

 

I’ve checked the Azure SSO application, and the user directory ID is set to the correct email as well.

However, when trying to log in to the environment, the error below appears.

 

Tried configuring multiple Azure applications, but the issue still persists.



Hi @Sasanka,

Check whether the user has necessary permissions to run the application. Make sure the foundation end user permissions such as FND_WEB_END_USER are granted to the user. 

If the default IDP is enabled, check if the user is able to login to the application using the default IDP. 

 

Thanks,

Kasun

Hi @Kasun Balasooriya, thank you for the reply.

Yes, the necessary permissions are granted to the user.

 

BR,

Sasanka.


Hi Sasanka,

It shows that the directory ID is invalid.
In Azure, what looks like an email address is likely the UPN.
If you check the Azure user properties, the email field is probably blank.
Can you please try setting the user email as well?

You can map the UPN to the email instead.
In Azure, please be sure to enable the "upn" claim in "Token configuration" for the app registration.
Then in IFS Cloud, open IdP Attribute Mappers and add Name: upn and Claim: upn.

Also please be sure to use a new incognito window when trying the login.

Please let us know whether either option works for you.
Best regards -- Ben
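
The claim mapping discussed in the reply above can be checked against the token itself. This is an added example, not part of the original thread and not IFS or Microsoft code: it decodes the payload of an ID token captured from a test login and reports whether `email`, `upn` and `preferred_username` are present and equal to the user's Directory ID. The function names, the constructed sample token and the exact string comparison are assumptions.

```python
import base64
import json

# Claims relevant to the thread: the Azure "email" property may be blank and
# "upn" is an optional claim enabled under "Token configuration".
IDENTITY_CLAIMS = ("email", "upn", "preferred_username")


def b64url_decode(segment: str) -> bytes:
    """Decode one base64url JWT segment, restoring stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(token: str) -> dict:
    """Return the JWT payload. No signature check: diagnostics only."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def check_identity_claims(token: str, directory_id: str) -> dict:
    """Map each identity claim to 'missing', 'mismatch' or 'match'."""
    payload = decode_payload(token)
    report = {}
    for claim in IDENTITY_CLAIMS:
        value = payload.get(claim)
        if not isinstance(value, str) or not value:
            report[claim] = "missing"
        elif value == directory_id:  # exact match is an assumption
            report[claim] = "match"
        else:
            report[claim] = "mismatch"
    return report


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real one)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed sample: a user whose Azure "email" property is blank.
    sample = make_sample_token({"sub": "abc", "upn": "user@example.com",
                                "preferred_username": "user@example.com"})
    print(check_identity_claims(sample, "user@example.com"))
```

A report showing `email` as `missing` while `upn` is `match` corresponds to the situation described in the reply, where the UPN has to be mapped instead of the email.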

Hi @Ben Monroe, thank you for the response.

 

I’ve tried the mentioned steps, and now the error saying the Directory ID is invalid no longer pops up; instead, I am now getting the following ones.

Necessary permissions are granted to the user as well.

 

BR,

Sasanka.


Hi Sasanka,

In your Azure portal, navigate to your App registrations / API permissions.
Ensure that Microsoft Graph: email, openid, profile, and User.Read are added.
Also ensure that the Status for each is "Granted for <...>". If none are not, then click "Grant admin consent for <...>".

Also, please log in to your IFS Cloud instance with a local admin user and check IAM User Details.
If any of the IAM Users have a random GUID for their Username, it is probably garbage from before SSO was working. Remove the entry. Then try again to log in, in a new incognito window.

Best regards -- Ben
