Attempting to sign-in with AzureAD SSO fails with AADSTS75011

When attempting to login to Immuta via SSO, authentication will fail

Issue

After configuring AzureAD Single Sign On with Immuta, attempts by users to connect fail with the following message:

AADSTS75011: Authentication method 'X509, MultiFactor' by which the user authenticated with the service doesn't match requested authentication method 'Password, ProtectedTransport'. Contact the Immuta Prod application owner.

Cause

The RequestedAuthnContext is in the SAML request. This means the app is expecting the AuthnContext specified by the AuthnContextClassRef. However, the user has already authenticated prior to access the application and the AuthnContext (authentication method) used for that previous authentication is different from the one being requested [Source].

Resolution

Under the IAM’s Additional Config Parameters, set disableRequestedAuthnContext to true.
Save the configuration.

PreviousAttributes are not updated during initial create user payload via SCIM on Azure AD NextAttributes must be populated in Okta in order to be imported Immuta

Last updated 1 year ago

hashtagIssue

hashtagCause

hashtagResolution

Issue

Cause

Resolution