Unexpected error adding Azure Identity Provider to SAC setup
Article ID: 245274

Products

Symantec ZTNA

Issue/Introduction

SAC Portal enabled with local authentication.

To integrate SAC with WSS, both platforms need a SAML Identity provider.

When trying to add the Azure Identity Provider to SAC (WSS is already integrated), the SAC admin gets the following error when saving the Azure AD Identity Provider configuration on SAC:

Azure AD prerequisites as defined in the SAC Azure AD Identity Provider documentation were completed.


Environment

WSS

SAC

Cause

Misconfiguration of Azure AD client application.

Resolution

Copy the correct Application ID into the SAC configuration.

Additional Information

The various Application IDs required in the SAC Identity Provider setup can be confusing. The following highlights which Azure fields provide the right information needed for the SAC Identity provider setup to complete successfully:

1. The Tenant ID and Application ID are both available from the OVERVIEW page of the Azure SAC Application.

2. The Application key is available from the Client and secrets field and is the secret Value, NOT the Secret ID!

3. A common mistake is not adding all of the required Application permissions; the following MUST all be enabled and accessible:
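The mix-ups in points 1 and 2 are easy to catch before saving: the Tenant ID and Application ID are GUIDs, while the Secret ID (which is wrongly pasted in place of the secret Value) is also a GUID. The following is an added example, not Symantec's code; the field names and the sample values in it are constructed for illustration.

```python
import re

# Azure tenant IDs, application (client) IDs and secret IDs are all GUIDs;
# a client secret Value is not, so a GUID in the key field is a tell-tale sign.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def is_guid(value: str) -> bool:
    return bool(GUID_RE.match(value.strip()))


def check_sac_idp_fields(tenant_id: str, application_id: str, application_key: str) -> list:
    """Return a list of problems with the three SAC Identity Provider fields.

    An empty list means the values look like they came from the right Azure fields.
    """
    problems = []
    if not is_guid(tenant_id):
        problems.append("Tenant ID is not a GUID; copy it from the app's OVERVIEW page")
    if not is_guid(application_id):
        problems.append("Application ID is not a GUID; copy it from the app's OVERVIEW page")
    if is_guid(tenant_id) and tenant_id.strip().lower() == application_id.strip().lower():
        problems.append("Tenant ID and Application ID are identical; one was pasted into the wrong field")
    if is_guid(application_key):
        problems.append("Application key is a GUID, i.e. the Secret ID; paste the secret Value instead")
    elif len(application_key.strip()) < 16:
        problems.append("Application key is too short to be a client secret Value")
    return problems


if __name__ == "__main__":
    # Constructed values: two GUIDs and a made-up secret Value.
    for problem in check_sac_idp_fields(
        "11111111-2222-4333-8444-555555555555",
        "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "aaaaaaaa-bbbb-4ccc-8ddd-000000000001",  # a Secret ID, not the Value
    ):
        print("Problem:", problem)
```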

When troubleshooting Azure issues with access tokens, the following guide lists all error codes and their reasons; it is an extremely useful reference for authentication and authorization errors:

https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes