Users cannot sign in to SaaS applications from the Microsoft Azure Access Panel or MyApps
You may also receive an email message that resembles the following if the certificate has expired:
|Action required: Your usage of application_name using Azure Active Directory may incur downtime if action is not taken to update the certificate used for single sign-on.|
You are receiving this email because our records indicate that you have configured Azure Active Directory for single sign-on with application_name. This configuration required downloading a certificate from the Azure management portal and uploading it to application_name.
This certificate used for single sign-on to application_name is set to roll over on certificate_rollover_date.
Action required: You will need to update this certificate in application_name prior to the date above to avoid downtime with single sign-on. To do this:
Please contact us if you have any questions about this certificate rollover.
Azure Active Directory Team
User account issuesNote The solution for each SaaS application may differ and may not work for some applications.
- Make sure that the user exists in the SaaS application.
- Make sure that the user can sign in to the SaaS application and that the user is not disabled in the SaaS application.
- Verify the following sign-in information:
- If the SaaS application uses a user name to sign in, make sure that the user name of the user in the SaaS application matches the user name in Azure Active Directory.
- If the SaaS application uses an email address to sign in, make sure that the email address of the user in the SaaS application matches the user name in Azure Active Directory.
Note If you have set up user provisioning, a change of the user name in Azure Active Directory may take 15 minutes to synchronize with the SaaS application.
Certificate issuesIf you are using federation-based single sign on, make sure that the Azure Active Directory certificate is updated in the SaaS application. To do this, follow these steps:
- Sign in to the Azure classic portal by using an administrator account.
- On the Active Directory tab, select your directory.
- Select the Applications tab, and then select the application that must be changed.
- On the Quick Start tab (represented by the blue cloud icon), select the Configure single sign-on button.
- Select Microsoft Azure AD Single Sign-On, and then select Next.
- On the Configure App Settings screen, select Next.
- Follow the instructions on the Configure Single Sign-on screen to update the certificate that's used by your application. Make sure that you select the confirmation check box and complete the final screen when you are finished.
Note Certificates typically expire after one, two, or three years. Certificates must be updated in all SaaS applications.
Article ID: 2909701 - Last Review: 07/14/2016 17:18:00 - Revision: 6.0
- kbexpertiseinter kbprb kbsurveynew KB2909701