Mar 27 2024 04:05 AM
Hi.
I'm trying to configure our Entra domain to federate to our existing IdP, following the guidance found here and am having real problems when it comes to using the Microsoft Graph API in PowerShell.
After eventually working out what permissions I needed to request (more than what is stated in the doc), I ran the New-MgDomainFederationConfiguration cmdlet, and received the following error:
"FederatedIdpMfaBehavior cannot be empty"
This parameter is not mentioned in the doc either. So, then I added that parameter, and got the following:
"Domain already has Federation Configuration set."
But when I run Get-MgDomainFederationConfiguration, I get:
"Resource 'federationConfiguration' does not exist or one of its queried reference-property objects are not present."
When I run Get-MgDomain, AuthenticationType shows as "Federated", but I still see a managed login when I check.
So I seem to be stuck with it seemingly half-configured, with no way to view or remove the configuration. Any ideas?
Thanks,
Nick
Sep 24 2024 03:53 PM - edited Sep 24 2024 03:54 PM
I just experienced this problem today and found this thread which was very helpful, so for the record here is the command that I used to reset to Managed that appears to have worked:
Update-MgDomain -DomainId <domain> -AuthenticationType "Managed"
After this, I was able to successfully run my New-MgDomainFederationConfiguration command, corrected with the inclusion of -federatedIdpMfaBehavior.
Hope this is helpful for you or someone else in future.
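The recovery sequence from this thread, written as an added example that is not from either poster or from Microsoft's documentation: it resets the domain to Managed only when it reports "Federated" and the federation configuration lookup fails with the "does not exist" error quoted above, then recreates the configuration with the MFA behaviour set explicitly. It assumes Connect-MgGraph has already been run with sufficient permissions; the function name, domain, URIs and certificate value are hypothetical placeholders.

```powershell
# Added example, not code from the thread. Assumes an existing Connect-MgGraph
# session; Repair-HalfFederatedDomain is a hypothetical helper name.
function Repair-HalfFederatedDomain {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string]    $DomainId,
        [Parameter(Mandatory)] [hashtable] $FederationSettings
    )
    # Omitting this key produced "FederatedIdpMfaBehavior cannot be empty" in the
    # thread, and it decides whether Entra trusts MFA performed by the IdP.
    if (-not $FederationSettings.ContainsKey('FederatedIdpMfaBehavior')) {
        throw 'FederationSettings must include FederatedIdpMfaBehavior.'
    }
    $domain = Get-MgDomain -DomainId $DomainId -ErrorAction Stop
    # Only the "does not exist" error counts as "no configuration"; anything else
    # (permissions, throttling) is rethrown so a live federation is never reset.
    $existing = $null
    try {
        $existing = Get-MgDomainFederationConfiguration -DomainId $DomainId -ErrorAction Stop
    } catch {
        Write-Verbose "Federation configuration lookup failed: $_"
        if ("$_" -notmatch 'does not exist') { throw }
    }
    if ($existing) {
        # A readable configuration exists: leave it alone and report it.
        Write-Warning "$DomainId already has a federation configuration; nothing changed."
        return $existing
    }
    # Half-configured state: flagged Federated, but no configuration object.
    if ($domain.AuthenticationType -eq 'Federated' -and
        $PSCmdlet.ShouldProcess($DomainId, 'Reset AuthenticationType to Managed')) {
        Update-MgDomain -DomainId $DomainId -AuthenticationType 'Managed' -ErrorAction Stop
    }
    if ($PSCmdlet.ShouldProcess($DomainId, 'Create federation configuration')) {
        New-MgDomainFederationConfiguration -DomainId $DomainId @FederationSettings -ErrorAction Stop
    }
}

# Constructed placeholder values; replace every one with your IdP's details.
$settings = @{
    DisplayName                     = 'Example IdP'
    IssuerUri                       = 'https://idp.example.com/issuer'
    PassiveSignInUri                = 'https://idp.example.com/sso'
    SigningCertificate              = '<base64-certificate-placeholder>'
    PreferredAuthenticationProtocol = 'saml'
    FederatedIdpMfaBehavior         = 'acceptIfMfaDoneByFederatedIdp'
}
Repair-HalfFederatedDomain -DomainId 'example.com' -FederationSettings $settings -WhatIf
```

Run it with -WhatIf first to see which changes would be made, then without it to apply them.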