A set of users has been created manually. I have 3 users that belong to Entra and sign in with SSO. Those 3 users and another user (created manually) belong to a certain group (an Entra group). I have an impersonation policy that checks if the signed-in user belongs to this group; if it does, then the user is allowed to impersonate.

Sign-in is not a problem, and the same way of signing in is used in the impersonation policy.

Now the problem: if the 4th user (the one that doesn't use SSO) wants to impersonate a user that logs in with SSO, we get the mentioned error message: "An account could not be found for the provided user ID." Also, when the user signs in using SSO but using the impersonation policy, we get the following error: "AADB2C99002: This user does not exist and profile 'AAD-UserReadUsingEmailAddress' requires the user to have already been created."

What am I doing wrong? The SSO users have already been created in Graph, and they can sign in.

asked Nov 16, 2024 at 14:20 by IriaAM
  • Other 3 users are created from Azure Portal? – Rukmini Commented Nov 18, 2024 at 3:31

1 Answer

The problem is that the signup is not done correctly for the user when using SSO, so it is not properly done; therefore the user doesn't exist.
