Using Azure for SSO on Active Roles Server

Hi all -

We're currently running Active Roles Server 7.5 using Okta as the SSO provider for our admin site/portal (only IT logs in to ARS).


However, we have a need to change our SSO provider from Okta to Azure AD. This was the only document I could find regarding setting up authentication with Azure AD:

https://support.oneidentity.com/active-roles/kb/4291332/how-to-configure-federated-authentication-with-azure-ad

So, I followed it and, when complete, I'm unable to log in to ARS. I can see it trying to use the Microsoft IdP (based on the URL changing in the address bar), but it eventually ends up with an error:

"Cannot uniquely identify the user using the provided claims. Please contact your Active Roles administrator."

I'm using email address as my claim (as I have been with Okta). I've also tried UPN, but I get the same error no matter which I use. I've set up dozens of Azure SSO apps with no issue, but there seems to be something about this particular one that's giving me fits. Based on the doc above, it should be very straightforward, but I must be missing something.

Is there a better/different doc to follow, or does anyone have any suggestions?

Thanks,

Robin
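A useful first check for a "cannot uniquely identify the user using the provided claims" error is to look at the token the IdP actually sends rather than the claim you configured. The script below is an added example, not part of the original post and not One Identity's code: it parses a federation token captured from the browser (for instance with a SAML tracer extension), lists the NameID and attribute claims, and reports whether the identifier claim you expect (email or UPN) is present, single-valued and non-empty. It handles both a SAML 2.0 Response and a SAML 1.1 assertion of the kind carried inside a WS-Federation response, since which of the two Active Roles receives depends on the federation settings. The two token samples, the claim URIs chosen as candidates and the example values are constructed for illustration and are assumptions, not a transcript of any real Azure AD tenant.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"

# Claim URIs commonly used as a user identifier (assumption: the Active Roles
# federation settings expect one of these, e.g. email or UPN as in the post).
CANDIDATE_CLAIMS = {
    "email": ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",),
    "upn": ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",),
    "name": ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",),
}


def extract_claims(xml_text):
    """Return NameID and attribute claims from a SAML 2.0 or SAML 1.1 token."""
    root = ET.fromstring(xml_text)
    result = {"name_id": None, "name_id_format": None, "attributes": {}}
    # SAML 2.0 uses NameID and Attribute/@Name; SAML 1.1 uses NameIdentifier
    # and Attribute/@AttributeName plus @AttributeNamespace.
    for ns, subject_tag, name_key in ((SAML2, "NameID", "Name"),
                                      (SAML1, "NameIdentifier", "AttributeName")):
        tag = f"{{{ns}}}Assertion"
        assertion = root if root.tag == tag else root.find(f".//{tag}")
        if assertion is None:
            continue
        nid = assertion.find(f".//{{{ns}}}Subject/{{{ns}}}{subject_tag}")
        if nid is not None:
            result["name_id"] = (nid.text or "").strip()
            result["name_id_format"] = nid.get("Format")
        for attr in assertion.iter(f"{{{ns}}}Attribute"):
            name = attr.get(name_key)
            if ns == SAML1 and attr.get("AttributeNamespace"):
                name = attr.get("AttributeNamespace").rstrip("/") + "/" + name
            values = [(v.text or "").strip()
                      for v in attr.findall(f"{{{ns}}}AttributeValue")]
            result["attributes"].setdefault(name, []).extend(values)
        break
    return result


def identifier_report(claims):
    """Map each candidate identifier label to the values actually present."""
    found = {}
    for label, uris in CANDIDATE_CLAIMS.items():
        for uri in uris:
            if uri in claims["attributes"]:
                found[label] = claims["attributes"][uri]
    return found


def diagnose(claims, expected):
    """List reasons a relying party could fail to map the user from `expected`."""
    problems = []
    values = identifier_report(claims).get(expected, [])
    if not values:
        problems.append(f"no '{expected}' claim in the token; present: "
                        f"{sorted(claims['attributes'])}")
    elif len(values) != 1:
        problems.append(f"'{expected}' claim is multi-valued: {values}")
    elif not values[0]:
        problems.append(f"'{expected}' claim is present but empty")
    fmt = claims["name_id_format"] or ""
    if fmt.endswith(":transient"):
        problems.append("NameID is transient and cannot serve as a stable identifier")
    return problems


# Constructed SAML 2.0 token: a 'name' claim but no email or UPN claim.
SAML2_SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID
      Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">AbCdEf123</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>robin@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed SAML 1.1 assertion (WS-Federation style) carrying a UPN claim.
SAML1_SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
  AssertionID="_a2" MajorVersion="1" MinorVersion="1">
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>AbCdEf123</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="upn"
      AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
      <saml:AttributeValue>robin@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for label, sample, expected in (("SAML 2.0", SAML2_SAMPLE, "email"),
                                    ("SAML 1.1", SAML1_SAMPLE, "upn")):
        claims = extract_claims(sample)
        print(label, "NameID:", claims["name_id"], identifier_report(claims))
        print("  problems for", expected, ":", diagnose(claims, expected) or "none")
```

Run it against a real captured token and compare the reported claim URIs with the identifier claim configured on the Active Roles side; if the claim you configured is simply absent from the token, the fix belongs in the Azure AD application's claims mapping, not in Active Roles.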