Login page of Microsoft blocked in iFrame

Copper Contributor

I've created an Enterprise App and App Registration in Microsoft Entra ID for the authentication of users into a thrid-party web application (Qlik Sense) via OIDC.  This works as designed. When I access the website of Qlik Sense directly in my browser, I'm redirected to login.microsoftonline.com, where I can pick an existing account or sign-in with a new account.

 

Now, I want to create a custom web application where the website of Qlik Sense is embedded on a page with an iFrame. Unfortunately, this doesn't work, because the login page of Microsoft is blocked by the browser when opened inside an iFrame. The browser console indicates that this is because of a HTTP response header 'X-Frame-Options' that is coming from Microsoft Entra ID. Is there a way to prevent this behaviour by changing the configuration in Entra ID? 

1 Reply
We are also interested into that topic. Created a POC App some months ago, back then it has worked in iframe. Currently we are checking with the IT Admin if they changes some settings on the tenant. Hope it's not a new non-configurable Azure default.