admin管理员组

文章数量:1026989

A set of users have been created manually. I have 3 users that belong to Entra and sign in with SSO. Those 3 users and another user (created manually)) belong to certain group (Entra group). I have an impersonation policy that checks if the signed in user belongs to this group, if it does, then the user is allowed to impersonate.

Sign in is not a problem and the same way of sign in is in the impersonation policy.

Now the problem: if the 4th user (the one that doesn't SSO), wants to impersonate a user that logs in with SSO, we get the mentioned error message: An account could not be found for the provided user ID. Also, when the user signs in using sso but using the impersonation policy, we get the following error: AADB2C99002: This user does not exist and profile 'AAD-UserReadUsingEmailAddress' requires the user to have already been created.

What am I doing wrong? the sso users have been created already in Graph, and they can sign in

A set of users have been created manually. I have 3 users that belong to Entra and sign in with SSO. Those 3 users and another user (created manually)) belong to certain group (Entra group). I have an impersonation policy that checks if the signed in user belongs to this group, if it does, then the user is allowed to impersonate.

Sign in is not a problem and the same way of sign in is in the impersonation policy.

Now the problem: if the 4th user (the one that doesn't SSO), wants to impersonate a user that logs in with SSO, we get the mentioned error message: An account could not be found for the provided user ID. Also, when the user signs in using sso but using the impersonation policy, we get the following error: AADB2C99002: This user does not exist and profile 'AAD-UserReadUsingEmailAddress' requires the user to have already been created.

What am I doing wrong? the sso users have been created already in Graph, and they can sign in

  • single-sign-on
  • azure-ad-b2c-custom-policy
  • user-accounts
Share Improve this question asked Nov 16, 2024 at 14:20 IriaAMIriaAM 254 bronze badges 1
  • Other 3 users are created from Azure Portal? – Rukmini Commented Nov 18, 2024 at 3:31
Add a comment  | 

1 Answer 1

Reset to default 0

the problem is that the signup is not done correctly for the user when SSO, so it is not properly done, therefore the user doesn't exist.

A set of users have been created manually. I have 3 users that belong to Entra and sign in with SSO. Those 3 users and another user (created manually)) belong to certain group (Entra group). I have an impersonation policy that checks if the signed in user belongs to this group, if it does, then the user is allowed to impersonate.

Sign in is not a problem and the same way of sign in is in the impersonation policy.

Now the problem: if the 4th user (the one that doesn't SSO), wants to impersonate a user that logs in with SSO, we get the mentioned error message: An account could not be found for the provided user ID. Also, when the user signs in using sso but using the impersonation policy, we get the following error: AADB2C99002: This user does not exist and profile 'AAD-UserReadUsingEmailAddress' requires the user to have already been created.

What am I doing wrong? the sso users have been created already in Graph, and they can sign in

A set of users have been created manually. I have 3 users that belong to Entra and sign in with SSO. Those 3 users and another user (created manually)) belong to certain group (Entra group). I have an impersonation policy that checks if the signed in user belongs to this group, if it does, then the user is allowed to impersonate.

Sign in is not a problem and the same way of sign in is in the impersonation policy.

Now the problem: if the 4th user (the one that doesn't SSO), wants to impersonate a user that logs in with SSO, we get the mentioned error message: An account could not be found for the provided user ID. Also, when the user signs in using sso but using the impersonation policy, we get the following error: AADB2C99002: This user does not exist and profile 'AAD-UserReadUsingEmailAddress' requires the user to have already been created.

What am I doing wrong? the sso users have been created already in Graph, and they can sign in

  • single-sign-on
  • azure-ad-b2c-custom-policy
  • user-accounts
Share Improve this question asked Nov 16, 2024 at 14:20 IriaAMIriaAM 254 bronze badges 1
  • Other 3 users are created from Azure Portal? – Rukmini Commented Nov 18, 2024 at 3:31
Add a comment  | 

1 Answer 1

Reset to default 0

the problem is that the signup is not done correctly for the user when SSO, so it is not properly done, therefore the user doesn't exist.

本文标签:

版权声明:本文标题:single sign on - B2C problem: An account could not be found for the provided user ID. returns for impersonation - Stack Overflow 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://it.en369.cn/questions/1745657152a2161664.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。