SOLVED

Azure Enterprise Apps - permissions

Trying to set up SSO with Box.com via the application listed in the Azure AD Application Gallery.

Followed the online instructions at https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-box-tutorial on both the old AAD portal and within the new portal (which is very different).

However, when testing, I get an error message:

AADSTS65005 - The client application has requested access to resource '00000002-0000-0000-c000-000000000000'. This request has failed because the client has not specified this resource in its required Resource Access list.

From what I can determine, the 'resource' is AAD, and I think it is looking for the Box app to have authority to AAD.

Is it an undocumented step to grant permissions via the new Azure AD portal, has something failed during setup, or am I missing something more fundamental?

Has anyone encountered similar issues with the application gallery apps?

3 Replies
Solution
So for anyone interested and after logging a ticket for this, the problem has been diagnosed. Enter https://sso.services.box.net/sp/ACS.saml2 into the Identifier URL and it should spring into life.

@Nasos Kladakis, @Adam Fowler, @Vasil Michev, @Juan Carlos González Martín, any thoughts on granting permissions via the new Azure AD portal?

Some of these services have hard-to-find Identifier URLs, thanks for sharing the answer.