Unable to set SSO in Azure AD Connect

Highlighted
Super Contributor

We were unable to set SSO in the Azure AD connect configuration for a brand new tenant.

An error appeared: Cannot retrieve single sign-on status.

 

AADConnect.png

 

The trace log shows:

Authenticate-ADAL: user name or password is invalid [invalid_grant] - AADSTS50126: Error validating credentials due to invalid username or password.

 

After disabling the security defaults (which enforce mfa on global admins) in the Azure tenant, the error disappeared and we could enable SSO.

 

I assume re-enabling the security defaults will not impact the SSO setting?

 

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-d...

2 Replies
Highlighted

@bart vermeersch , It will not cause any issue, as enabling SSO creates a computer object, which is used for SSO. 

Click on the below mentioned link and start from 32:00 minute,

https://www.youtube.com/watch?v=77b-W-nvhBA

Highlighted

Spent a week off and on googling everything and no mention anywhere of this solution. Disabled 2FA and bingo it works first go. I was tearing the firewall apart, running health check Powershell scripts trying to find the problem. I wish they would mention this in the setup as even a "oh by the way". Thanks for posting this I can finally finish this deployment.