This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Docs Learn Support
Help
Docs Learn Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO fails when using MFA

makkawi
Employee
Employee

on ‎08-10-2022 08:28 AM

Symptoms

When using multifactor authentication, the SSO login fails with the below error:

 

Message: AADSTS75011: Authentication method 'X509, MultiFactor' by which the user authenticated with the service doesn't match requested authentication method 'Password'. Contact the Incorta - Development application owner.

 

Diagnosis

Check the XML file generated from the SSO provider, if it has the following line

 

onelogin.saml2.security.requested_authncontext = urn:oasis:names:tc:SAML:2.0:ac:classes:Password

 

Solution

This line forces the authentication, using passwords only. Hence, the MFA doesn't work.

Please remove the line mentioned from the SSO properties that are copied to the CMC.

As per Microsoft documentation, this line is optional, so it is safe to be removed.

https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts75011-auth-met...

Labels:
Best Practices Index
Best Practices

Just here to browse knowledge? This might help!

Contributors
Version history
Last update:
‎08-10-2022 08:28 AM
Updated by:
Employee
Copyright © 2024 Khoros, LLC