AADSTS75011 Error on Edge (Azure AD Joined machines)


I have just set up SSO for a new enterprise application.

On AzureAD joined machines, it works in Chrome and Edge InPrivate mode. In normal Edge, we get the following error:


AADSTS75011: Authentication method 'X509, MultiFactor' by which the user authenticated with the service doesn't match requested authentication method 'Password, ProtectedTransport'.


I have read about adding the following to the SAML request but this is not possible with the vendor currently:

'authnContextClassRef' : false


This only affects AzureAD joined machines on Edge. When I test from a Hybrid joined machine there is no such issue.


Is there any way to resolve this from the Azure side?

2 Replies


We just ran into this exact same issue today with an application sending the optional/unnecessary RequestedAuthnContext info in the SAML request. But we also narrowed it down to only Edge/AAD joined being affected. It also seems to correlate with Primary Refresh Token (PRT) with MFA/Windows Hello being used.


Did you manage to find any solution that wasn't reliant on the software vendor?

@Born_Slippy In the settings for the 3rd party application I had to disable AuthnContext altogether. Once this was unchecked, this resolved the issue for us.
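
To confirm whether an application's SAML request carries the RequestedAuthnContext element discussed in this thread, the following added example (not part of any poster's message) decodes a captured `SAMLRequest` value and reports the requested comparison and class references. The function names are hypothetical, the sample requests are constructed, and the redirect-binding encoding (raw DEFLATE, then base64) is assumed; pass `redirect_binding=False` for a value taken from an HTTP-POST form.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def decode_saml_request(value, redirect_binding=True):
    """Turn a captured SAMLRequest parameter value into XML text."""
    raw = base64.b64decode(urllib.parse.unquote(value))
    if redirect_binding:  # HTTP-Redirect: raw DEFLATE before base64
        raw = zlib.decompress(raw, -15)
    return raw.decode("utf-8")

def requested_authn_context(xml_text):
    """Return (comparison, [class refs]), or None when the element is absent."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not expected in a SAML request")
    rac = ET.fromstring(xml_text).find(f"{{{SAMLP}}}RequestedAuthnContext")
    if rac is None:
        return None
    refs = [e.text.strip() for e in rac.findall(f"{{{SAML}}}AuthnContextClassRef") if e.text]
    # SAML core: Comparison defaults to "exact" when the attribute is omitted
    return rac.get("Comparison", "exact"), refs

def encode_redirect(xml_text):
    """Build a redirect-binding value (used here only for the constructed samples)."""
    comp = zlib.compressobj(wbits=-15)
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return urllib.parse.quote(base64.b64encode(data).decode("ascii"))

# Constructed samples: ID, timestamp and issuer are placeholders.
_HEAD = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_example" '
         'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
         '<saml:Issuer>https://sp.example.invalid</saml:Issuer>')
WITH_RAC = encode_redirect(
    _HEAD + '<samlp:RequestedAuthnContext>'
    f'<saml:AuthnContextClassRef>{PPT}</saml:AuthnContextClassRef>'
    '</samlp:RequestedAuthnContext></samlp:AuthnRequest>')
WITHOUT_RAC = encode_redirect(_HEAD + '</samlp:AuthnRequest>')

if __name__ == "__main__":
    for name, value in (("with", WITH_RAC), ("without", WITHOUT_RAC)):
        print(name, requested_authn_context(decode_saml_request(value)))
```

A result of `None` means the request places no constraint on the authentication method; a non-empty result is what the identity provider compares against how the user actually signed in.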