Forum Discussion
Weird issue with MFA for Guest Users
Hello Random_User9801,
Thank you for creating this post where you encounter AADSTS500082. I am a contributor with knowledge in Entra ID.
The sign-in process with SAML looks something like this:
An employee logs in using a URL leading to Microsoft Sign-in.
The UPN and credential are provided, so the identity provider verifies the employee's identity using authentication details (e.g., username, password, PIN, device, or biometric data).
Now comes the MFA; in this case it is stopping the authentication flow, so the error is observed.
Usually, if SAML is mentioned, Single Sign-On (SSO) is also in the mix. I can suggest checking the application using the SSO settings. What you can do is test the application from Enterprise applications > Find the app > Manage (left panel) > Test this application.
Should this work, the application's SSO is working, so check the MFA settings, especially Security Defaults, per-user MFA, and the applied Conditional Access policies which affect the sign-in.
If the issue persists and has caused impact on production, you are always able to open a service request using https://support.microsoft.com/en-us/contactus/
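As an added example, not part of any reply in this thread, the following Microsoft Graph PowerShell script performs the check the answer above describes from the command line: it lists the enabled Conditional Access policies that target guest/external users and require MFA, and then pulls recent guest sign-in failures carrying error code 500082 (the numeric part of AADSTS500082 from the original question). It assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account holds the `Policy.Read.All`, `AuditLog.Read.All` and `Directory.Read.All` permissions; the property names used for the newer guest-targeting block (`IncludeGuestsOrExternalUsers`) are assumed to match the current SDK schema.

```powershell
# Added example (not from the original thread): enumerate Conditional Access
# policies that apply MFA to guests, then list recent guest sign-ins that failed
# with error code 500082 (AADSTS500082). Assumes the Microsoft.Graph SDK and
# the read permissions requested below.
Connect-MgGraph -Scopes "Policy.Read.All","AuditLog.Read.All","Directory.Read.All"

# --- 1. Which enabled policies put an MFA grant on guest/external users? ---
$policies = Get-MgIdentityConditionalAccessPolicy -All

$guestMfaPolicies = foreach ($p in $policies) {
    if ($p.State -ne "enabled") { continue }    # skip disabled / report-only

    $users = $p.Conditions.Users
    # Guests can be targeted the legacy way ("GuestsOrExternalUsers" in
    # IncludeUsers) or via the newer IncludeGuestsOrExternalUsers block
    # (assumed SDK property name).
    $targetsGuests = ($users.IncludeUsers -contains "GuestsOrExternalUsers") -or
                     ($null -ne $users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes)
    $requiresMfa   = $p.GrantControls.BuiltInControls -contains "mfa"

    if ($targetsGuests -and $requiresMfa) {
        [pscustomobject]@{
            Policy   = $p.DisplayName
            Apps     = ($p.Conditions.Applications.IncludeApplications -join ",")
            Controls = ($p.GrantControls.BuiltInControls -join ",")
            Operator = $p.GrantControls.Operator   # AND / OR between controls
        }
    }
}
"Enabled policies that require MFA for guests:"
$guestMfaPolicies | Format-Table -AutoSize

# --- 2. Recent sign-ins that failed with the 500082 error code, guests only ---
$since = (Get-Date).AddDays(-7).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
$failed = Get-MgAuditLogSignIn -All `
    -Filter "createdDateTime ge $since and status/errorCode eq 500082" |
    Where-Object { $_.UserType -eq "guest" }

"Guest sign-ins failing with AADSTS500082 in the last 7 days:"
$failed | Select-Object CreatedDateTime, UserPrincipalName, AppDisplayName,
    @{n='Failure';   e={ $_.Status.FailureReason }},
    @{n='CAStatus';  e={ $_.ConditionalAccessStatus }},
    @{n='MfaMethod'; e={ $_.MfaDetail.AuthMethod }} |
    Format-Table -AutoSize
```

Read the two outputs together: if a guest's failed sign-in shows `CAStatus` of `success` or `notApplied` but `MfaMethod` is empty, no MFA challenge was ever issued, which matches the symptom in the question and points at the policy set (or the home tenant's federation) rather than at the user's MFA registration. The "Test this application" step from the answer has no Graph equivalent and still has to be done in the portal.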
Thank you for your response.
As mentioned, those are external guest users which were invited into our environment. They are just trying to access Teams and/or SharePoint.
We are not their identity provider nor do we have SSO implemented for them.
They are not receiving an MFA prompt when trying to enter our environment; they just get greeted with the SAML error.
I am a bit confused, since I can't see the connection between the error and the missing MFA prompt for an external user.
ehalmiTke (Copper Contributor), May 17, 2024:
You can use Fiddler to investigate what is happening. My suggestion is provided as the error indicates SAML, hence SSO is happening on the backend. To use Fiddler, check the following Learn article: https://learn.microsoft.com/en-us/archive/technet-wiki/3286.ad-fs-2-0-how-to-use-fiddler-web-debugger-to-analyze-a-ws-federation-passive-sign-in