After setting the "Street Address" attribute in the Azure AD IDP, users cannot log in to the ZTNA portal using SSO (sign-on error)



Article ID: 398903


Products

Symantec ZTNA

Issue/Introduction

After setting the Azure AD IDP configuration attribute mapping to "Street address," users are unable to access the ZTNA portal via the IDP and receive an "Internal error occurred. Please try again in a few minutes" message.

However, when setting it to "City," or any other.

Environment

ZTNA and Azure AD IDP

Cause

The attribute mappings are retrieved by ZTNA using the Microsoft Graph API [1].

The API calls use OData to retrieve the configured attribute for RDP.

However, the OData interface does not accept spaces [2], and the attribute name as exposed in the Graph API is not the same as the display name in the Azure AD portal.

 

Resolution

The "Street Address" attribute name that matches the OData specification is "streetAddress".

Adding the "streetAddress" attribute instead of the "Street Address" name resolves the issue: the ZTNA system can retrieve the necessary attribute, and the sign-in error no longer occurs.

Other attribute names are documented by Microsoft [3].
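
The following pre-flight check for attribute mappings is an added example, not Broadcom or Microsoft code. It resolves a configured name to its Graph property name and builds the `$select` query that would be issued. The function names, the partial display-name table, the ASCII-only identifier pattern and the sample user ID are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# Assumption: ASCII subset of the OData identifier rule (no spaces, no punctuation).
ODATA_IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,127}$")

# Portal display name -> Microsoft Graph user property (partial, illustrative table).
DISPLAY_TO_GRAPH = {
    "street address": "streetAddress",
    "city": "city",
    "state or province": "state",
    "zip or postal code": "postalCode",
    "country or region": "country",
    "job title": "jobTitle",
    "department": "department",
}
CANONICAL = {prop.lower(): prop for prop in DISPLAY_TO_GRAPH.values()}


def resolve_attribute(name):
    """Return the Graph property name for a configured attribute, or raise ValueError."""
    key = name.strip().lower()
    if key in CANONICAL:                # already a Graph property, any letter case
        return CANONICAL[key]
    if key in DISPLAY_TO_GRAPH:         # portal display name such as "Street Address"
        return DISPLAY_TO_GRAPH[key]
    if ODATA_IDENTIFIER.match(name):    # valid syntax, but not in this partial table
        return name
    raise ValueError(f"{name!r} is not a valid OData identifier and has no known mapping")


def build_select_url(user_id, attributes):
    """Build the Graph v1.0 user query that selects the resolved properties."""
    props = ",".join(resolve_attribute(a) for a in attributes)
    return f"https://graph.microsoft.com/v1.0/users/{quote(user_id, safe='')}?$select={props}"


if __name__ == "__main__":
    sample_user = "00000000-0000-0000-0000-000000000000"  # constructed placeholder ID
    for configured in ["Street Address", "streetAddress", "City", "Home Planet"]:
        try:
            print(configured, "->", build_select_url(sample_user, [configured]))
        except ValueError as err:
            print(configured, "-> rejected:", err)
```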

Additional Information