Forum Discussion
SSO from PingOne to Entra app failing; Not matching on sub value and can't find by email
I am trying to implement SSO from PingOne to my Azure app I have registered in Entra External ID. When I don't have the PingOne account pre-provisioned, the sign-in flow provisions the account but wi...
Seems related to an issuer mismatch and subject claim misalignment. The error AADSTS500208 typically occurs when the federated identity provider (PingOne) sends a sub or issuer value that does not match what Entra expects, leading to provisioning failures or duplicate account conflicts.
https://learn.microsoft.com/en-us/answers/questions/5662929/external-identities-saml-federation-not-working-fo
https://github.com/MicrosoftDocs/entra-docs/blob/main/docs/external-id/customers/faq-customers.md