For the last few weeks I've been trying to solve one big problem with Azure Active Directory and OAuth authorization.
We now have an Azure AD tenant and an API application in the tenant. We use OAuth and the Office 365 API. It's OK, except for one thing: our users can't change their passwords themselves, they have to write to the administrators (>10k users). We want to enable ADFS and give them the ability to change their password.
We tried a few times to enable ADFS and change the auth type from managed to federated, but after that users can't log in to our app.
If you click "Log in" in our application, it opens a URL like: https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=...&resource=https://outlook.office365.com/
When we try to sign in there, there is an error:
"user account ... external identity provider ... not supported application ..."
And! If we sign in first in ADFS and after that sign in to the application, it's OK.
So, how should we enable ADFS and use API applications?
Sorry for the bad description and bad English.