Unable to set SSO in Azure AD Connect

We were unable to set SSO in the Azure AD Connect configuration for a brand new tenant.

An error appeared: Cannot retrieve single sign-on status.

[Screenshot: AADConnect.png]

The trace log shows:

Authenticate-ADAL: user name or password is invalid [invalid_grant] - AADSTS50126: Error validating credentials due to invalid username or password.

After disabling the security defaults (which enforce MFA on global admins) in the Azure tenant, the error disappeared and we could enable SSO.

I assume re-enabling the security defaults will not impact the SSO setting?

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-d...
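An added example, not from this thread or from Microsoft, of the check-disable-configure-re-enable sequence described above, run on the Azure AD Connect server. It assumes the Microsoft.Graph and ActiveDirectory PowerShell modules, a Global Administrator sign-in, and the AZUREADSSOACC computer account name that Seamless SSO creates in on-prem AD.

```powershell
# Added example: verify the security-defaults state around the SSO wizard step
# and confirm MFA enforcement is restored afterwards. Not the thread's own code.
Import-Module Microsoft.Graph.Identity.SignIns
Import-Module ActiveDirectory

# Read permission to see the policy, ConditionalAccess write to change it (assumed scopes).
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

function Get-SecurityDefaultsState {
    # Security defaults is a single tenant-wide policy object in Microsoft Graph.
    return [bool](Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy).IsEnabled
}

function Set-SecurityDefaultsState([bool]$Enabled) {
    Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled $Enabled
}

function Test-SeamlessSsoAccount {
    # Seamless SSO is backed by the AZUREADSSOACC computer object (assumed name);
    # its presence shows the wizard completed the SSO step.
    try { return [bool](Get-ADComputer -Identity 'AZUREADSSOACC' -ErrorAction Stop) }
    catch { return $false }
}

# Before the wizard: the ADAL username/password sign-in it performs fails with
# AADSTS50126 while security defaults force MFA on the global admin.
$wasEnabled = Get-SecurityDefaultsState
if ($wasEnabled) {
    Write-Warning 'Security defaults are ON; temporarily disabling them for the SSO wizard.'
    Set-SecurityDefaultsState $false
}

Read-Host 'Run "Enable single sign-on" in the Azure AD Connect wizard, then press Enter'

# After the wizard: confirm the SSO account exists, then put MFA enforcement back.
if (-not (Test-SeamlessSsoAccount)) {
    throw 'AZUREADSSOACC not found in AD; SSO was not enabled, fix that before continuing.'
}
if ($wasEnabled) {
    Set-SecurityDefaultsState $true
    if (-not (Get-SecurityDefaultsState)) { throw 'Security defaults did NOT re-enable.' }
    Write-Host 'SSO account present and security defaults re-enabled.'
}
```

Re-enabling security defaults after the wizard is safe because the SSO feature relies on the computer object, not on the admin credentials used during setup.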

2 Replies

@bart vermeersch, it will not cause any issue, as enabling SSO creates a computer object, which is used for SSO.

Click on the link below and start from the 32:00 minute mark:

https://www.youtube.com/watch?v=77b-W-nvhBA

Spent a week off and on googling everything and no mention anywhere of this solution. Disabled 2FA and bingo, it works first go. I was tearing the firewall apart, running health check PowerShell scripts trying to find the problem. I wish they would mention this in the setup, even as an "oh by the way". Thanks for posting this, I can finally finish this deployment.