We were unable to set SSO in the Azure AD Connect configuration for a brand new tenant.
An error appeared: Cannot retrieve single sign-on status.
The trace log shows:
Authenticate-ADAL: user name or password is invalid [invalid_grant] - AADSTS50126: Error validating credentials due to invalid username or password.
After disabling the security defaults (which enforce MFA on global admins) in the Azure tenant, the error disappeared and we could enable SSO.
I assume re-enabling the security defaults will not impact the SSO setting?
04-17-2020 02:15 PM
Spent a week off and on googling everything and no mention anywhere of this solution. Disabled 2FA and bingo, it works first go. I was tearing the firewall apart, running health check PowerShell scripts trying to find the problem. I wish they would mention this in the setup as even an "oh by the way". Thanks for posting this, I can finally finish this deployment.