Sep 16 2019 01:02 PM - edited Sep 16 2019 01:03 PM
Hi,
Our company uses Azure AD, and has integrated SSO with Slack enabled.
I am using Edge Beta version (tried with Dev as well) and login to Slack fails on my AAD joined machine with my AAD work account sync enabled profile.
Request Id: 0fdc5271-c48a-40d0-93aa-770bcfd09600
Correlation Id: 17a3aa02-838b-446f-a54c-f146921455ae
Timestamp: 2019-09-16T19:54:54Z
Message: AADSTS75011: Authentication method 'X509, MultiFactor' by which the user authenticated with the service doesn't match requested authentication method 'Password, ProtectedTransport'.
This error doesn't happen on -
My guess is that integrated SSO is not negotiating the allowed authentication methods correctly.
Nov 14 2019 05:51 PM
I have seen the same issue a few times, and again just recently when enabling a pilot of passwordless authentication.
What has resolved it for me was to edit my Slack SSO configuration, change the 'AuthnContextClassRef' and set it to 'Don't send this value'. My suspicion is that Slack is sending a payload to Azure AD that isn't supported.
Nov 06 2020 11:22 AM
@tomanderson83 Thanks, I was able to fix my issue with that same instruction.
Mar 30 2021 04:37 AM
Mar 30 2021 03:35 PM
I can't remember, sorry!
May 23 2023 04:32 AM
@tomanderson83
What implications are there for users that are still on-prem AD joined if I set it to 'do not send value'?
Aug 09 2023 07:24 PM
@ks364 - Great question, because I just tested this. It worked, but some people have issues as it passes their personal email instead of work email.
Apr 18 2024 10:16 AM
Switching the AuthnContextClassRef to urn:oasis:names:tc:SAML:2.0:ac:classes:X509 fixed it for me.
This is configured in the Slack SAML configuration, under advanced.
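
Added example, not part of any post in this thread: a Python helper for checking which `AuthnContextClassRef` a service provider actually puts in its SAML `AuthnRequest`, which is the value the replies above change. The sample request is constructed, the function names are hypothetical, and `mismatch_risk` is an assumed model of the AADSTS75011 condition, not Azure AD's own logic.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Constructed sample AuthnRequest (not captured from Slack); ID and issuer are placeholders.
SAMPLE_XML = (
    f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
    'ID="_example" Version="2.0" IssueInstant="2019-09-16T19:54:54Z">'
    '<saml:Issuer>https://sp.example.invalid</saml:Issuer>'
    '<samlp:RequestedAuthnContext Comparison="exact">'
    f'<saml:AuthnContextClassRef>{AC}PasswordProtectedTransport</saml:AuthnContextClassRef>'
    '</samlp:RequestedAuthnContext></samlp:AuthnRequest>'
)


def encode_redirect(xml):
    """Encode as an HTTP-Redirect binding SAMLRequest: raw DEFLATE, base64, URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml.encode()) + comp.flush()
    return urllib.parse.quote(base64.b64encode(raw).decode(), safe="")


def decode_saml_request(value):
    """Decode a SAMLRequest value; plain base64 (HTTP-POST binding) is the fallback."""
    data = base64.b64decode(urllib.parse.unquote(value))
    try:
        return zlib.decompress(data, -15).decode()
    except zlib.error:
        return data.decode()


def requested_context(xml):
    """Return (comparison, class refs); (None, []) when no context is requested."""
    # ElementTree is fine for your own SP's request; use defusedxml for untrusted XML.
    rac = ET.fromstring(xml).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None, []
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS)]
    return rac.get("Comparison", "exact"), refs  # SAML default comparison is "exact"


def mismatch_risk(xml, session_classes):
    """Assumed model of AADSTS75011: exact match requested, session used another class."""
    comparison, refs = requested_context(xml)
    return comparison == "exact" and bool(refs) and not set(refs) & set(session_classes)
```

To check a real sign-in, pass the `SAMLRequest` query parameter from the browser's network trace to `decode_saml_request` and inspect the result with `requested_context`.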