SOLVED
Home

Azure Enterprise Apps - permissions

%3CLINGO-SUB%20id%3D%22lingo-sub-47159%22%20slang%3D%22en-US%22%3EAzure%20Enterprise%20Apps%20-%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-47159%22%20slang%3D%22en-US%22%3E%3CP%3ETrying%20to%20set%20up%20SSO%20with%20Box.com%20via%20application%20listed%20in%20Azure%20AD%20Application%26nbsp%3BGallery.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFollowed%20online%20instructions%20%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-saas-box-tutorial%26nbsp%3Bon%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-saas-box-tutorial%26nbsp%3Bon%3C%2FA%3E%20both%20the%20old%20AAD%20portal%20and%20within%20new%20portal%20(which%20is%20very%20different).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%20when%20testing%20get%20an%20error%20message.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAADSTS65005%20-%20The%20client%20application%20has%20requested%20access%20to%20resource%20'00000002-0000-0000-c000-000000000000'.%20This%20request%20has%20failed%20because%20the%20client%20has%20not%20specified%20this%20resource%20in%20its%20required%20Resource%20Access%20list.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFrom%20what%20I%20can%20determine%20the%20'resource'%20is%20AAD%20and%20I%20think%20it%20is%20looking%20for%20the%20Box%20app%20to%20have%20authority%20to%20AAD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20it%20an%20undocumented%20step%20to%20grant%20permissions%20via%20the%20new%20azure%20AD%20portal%2C%20has%20something%20failed%20during%20setup%20or%20am%20I%20missing%20something%20more%20fundamental%20%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHas%20anyone%20encountered%20similar%20issues%20with%20the%20application%20gallery%20apps%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-47159%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-50345%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Azure%20Enterprise%20Apps%20-%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-50345%22%20slang%3D%22en-US%22%3E%3CP%3ESome%20of%20these%20services%20have%20hard%20to%20find%20Identifier%20URLs%2C%20thanks%20for%20sharing%20the%20answer.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-50244%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Enterprise%20Apps%20-%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-50244%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F26185%22%20target%3D%22_blank%22%3E%40Nasos%20Kladakis%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F9288%22%20target%3D%22_blank%22%3E%40Adam%20Fowler%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F60%22%20target%3D%22_blank%22%3E%40Juan%20Carlos%20Gonz%C3%A1lez%20Mart%C3%ADn%3C%2FA%3E%2C%20any%20thoughts%20on%20granting%20permissions%20via%20the%20new%20azure%20AD%20portal%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-50101%22%20slang%3D%22en-US%22%3ERE%3A%20Azure%20Enterprise%20Apps%20-%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-50101%22%20slang%3D%22en-US%22%3ESo%20for%20anyone%20interested%20and%20after%20logging%20a%20ticket%20for%20this%2C%20the%20problem%20has%20been%20diagnosed.%20Enter%20%3CA%20href%3D%22https%3A%2F%2Fsso.services.box.net%2Fsp%2FACS.saml2%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsso.services.box.net%2Fsp%2FACS.saml2%3C%2FA%3E%20into%20the%20Identifier%20URL%20and%20it%20should%20spring%20into%20life.%3C%2FLINGO-BODY%3E
Nicholas Byng-Maddick
Contributor

Trying to set up SSO with Box.com via application listed in Azure AD Application Gallery.

 

Followed online instructions  https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-box-tutorial on both the old AAD portal and within new portal (which is very different).

 

However when testing get an error message. 

 

AADSTS65005 - The client application has requested access to resource '00000002-0000-0000-c000-000000000000'. This request has failed because the client has not specified this resource in its required Resource Access list.

 

From what I can determine the 'resource' is AAD and I think it is looking for the Box app to have authority to AAD.

 

Is it an undocumented step to grant permissions via the new azure AD portal, has something failed during setup or am I missing something more fundamental ? 

 

Has anyone encountered similar issues with the application gallery apps ?

3 Replies
Solution
So for anyone interested and after logging a ticket for this, the problem has been diagnosed. Enter https://sso.services.box.net/sp/ACS.saml2 into the Identifier URL and it should spring into life.

@Nasos Kladakis, @Adam Fowler, @Vasil Michev, @Juan Carlos González Martín, any thoughts on granting permissions via the new azure AD portal?

Some of these services have hard to find Identifier URLs, thanks for sharing the answer.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
38 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies