You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/entra/entra-id/app-integration/idx10501-token-signature-validation-error.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -50,7 +50,7 @@ For SAML, Microsoft Entra ID uses the app-specific certificate to sign tokens. T
50
50
3. If your app uses custom signing keys that use a [claims-mapping policy](/entra/identity-platform/saml-claims-customization), you must append an `appid` query parameter that contains the app client ID. This step is necessary to retrieve a `jwks_uri` that points to the app’s specific signing key information. For example:
Copy file name to clipboardExpand all lines: support/entra/entra-id/app-integration/send-notification-details.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -59,9 +59,9 @@ See the following descriptions for more details about the notifications.
59
59
-**UPN** – the user who performed the operation
60
60
- Example – **tperkins\@f128.info**
61
61
-**Tenant ID** – the unique ID of the tenant that the user who performed the operation was a member of
62
-
- Example – **7918d4b5-0442-4a97-be2d-36f9f9962ece**
62
+
- Example – **aaaabbbb-0000-cccc-1111-dddd2222eeee**
63
63
-**User object ID** – the unique ID of the user who performed the operation
64
-
- Example – **17f84be4-51f8-483a-b533-383791227a99**
64
+
- Example – **cccccccc-2222-3333-4444-dddddddddddd**
65
65
66
66
### Detailed Notification Items
67
67
@@ -75,6 +75,6 @@ See the following descriptions for more details about the notifications.
75
75
- Example – **Internal url `https://bing.com/` is invalid since it is already in use**
76
76
-**Copy error** – Select the **copy icon** to the right of the **Copy error** textbox to copy all the notification details to share with a support or product group engineer
77
77
- Example
78
-
```{"errorCode":"InternalUrl\_Duplicate","localizedErrorDetails":{"errorDetail":"Internal url 'https://google.com/' is invalid since it is already in use"},"operationResults":\[{"objectId":null,"displayName":null,"status":0,"details":"Internal url 'https://bing.com/' is invalid since it is already in use"}\],"timeStampUtc":"2017-03-23T19:50:26.465743Z","clientRequestId":"302fd775-3329-4670-a9f3-bea37004f0bb","internalTransactionId":"ea5b5475-03b9-4f08-8e95-bbb11289ab65","upn":"[email protected]","tenantId":"7918d4b5-0442-4a97-be2d-36f9f9962ece","userObjectId":"17f84be4-51f8-483a-b533-383791227a99"}```
78
+
```{"errorCode":"InternalUrl\_Duplicate","localizedErrorDetails":{"errorDetail":"Internal url 'https://google.com/' is invalid since it is already in use"},"operationResults":\[{"objectId":null,"displayName":null,"status":0,"details":"Internal url 'https://bing.com/' is invalid since it is already in use"}\],"timeStampUtc":"2017-03-23T19:50:26.465743Z","clientRequestId":"aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb","internalTransactionId":"bbbbbbbb-1111-2222-3333-cccccccccccc","upn":"[email protected]","tenantId":"aaaabbbb-0000-cccc-1111-dddd2222eeee","userObjectId":"cccccccc-2222-3333-4444-dddddddddddd"}```
|Tenant-ID|`<Tenant-ID>` portion of the sign-in request| common|
77
-
|App-ID|`<App-ID>` portion of the sign-in request|1f92960d-1442-4cd2-8c76-d13c5dcb30bf|
77
+
|App-ID|`<App-ID>` portion of the sign-in request|00001111-aaaa-2222-bbbb-3333cccc4444|
78
78
|Scope|`<Scope>` portion of the sign-in request| Openid+User.Read+Directory.Read.All|
79
79
|App-URI-ID| V1 endpoint: `<App-URI-ID>` portion of the sign-in request</br> </br>V2 endpoint: For resources other than Microsoft Graph, this will be the portion before the scope name. For example, for `https://analysis.windows.net/powerbi/api/App.Read.All`, `App.Read.All` is the scope name, so the `App-URI-ID` is `https://analysis.windows.net/powerbi/api`.|https://graph.microsoft.com|
80
80
|Prompt|`<Prompt>` portion of the sign-in request ||
@@ -166,11 +166,11 @@ Sometimes, signing in to the application requires passing the `prompt` parameter
@@ -186,11 +186,11 @@ To resolve consent issues, perform admin consent by following these steps:
186
186
187
187
3. If the administrator doesn't get the consent screen, grab the sign-in address, add `&prompt=consent` to the end, and then use this request to perform admin consent.
188
188
189
-
Here's an example: `https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/authorize?client_id=1f92960d-1442-4cd2-8c76-d13c5dcb30bf&response_type=code&redirect_uri=https://www.contoso.com&scope=openid+profile&tresource=https://graph.microsoft.com&prompt=consent`
189
+
Here's an example: `https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/authorize?client_id=00001111-aaaa-2222-bbbb-3333cccc4444&response_type=code&redirect_uri=https://www.contoso.com&scope=openid+profile&tresource=https://graph.microsoft.com&prompt=consent`
190
190
191
191
If the requested permissions aren't listed in the application registration, use the Microsoft identity platform (V2) endpoint to force admin consent. V2 endpoint requires each permission scope to be passed in the `scope` parameter as follows:
> - Permission scopes used by the application must be provided by the application owner.
@@ -239,4 +239,4 @@ You can use the Microsoft Entra activity logs to get more details. To do so, fol
239
239
240
240
In certain scenarios, you're required to perform admin consent even though you might allow users to consent and the permission normally doesn't require an admin to consent. For example, when the status reason shows "Microsoft.Online.Security.UserConsentBlockedForRiskyAppsException." For more information, see [Unexpected error when performing consent to an application](/entra/identity/enterprise-apps/application-sign-in-unexpected-user-consent-error#requesting-not-authorized-permissions-error) and [Unexpected consent prompt when signing in to an application](/entra/identity/enterprise-apps/application-sign-in-unexpected-user-consent-prompt).
To delete a user in Azure PowerShell, run the [Remove-MgUser](/powershell/module/microsoft.graph.users/remove-mguser?view=graph-powershell-1.0&preserve-view=true) cmdlet. To run this command, you must connect to Microsoft Graph with at least the `User.DeleteRestore.All` permission.
0 commit comments