SSO Configuration with Azure AD

Cumulocity Version: eu-latest

I’m currently in the process of setting up SSO.

When trying to log in via SSO, I get the following message:
{"message":"There is an error with the SSO configuration. Please contact your system administrator.\nVerify discovery URL for Azure AD or Jwks Uri. : Verify discovery URL for Azure AD or Jwks Uri.","error":"general/internalError","info":"https://www.cumulocity.com/guides/reference-guide"}

The Cumulocity audit log shows a JWT:
{"x5t":"***","kid":"***","typ":"JWT","alg":"RS256"} {"aud":"*application-ID from Azure AD*","iss":"https://sts.windows.net/*tenant*/","iat":1736326519,"nbf":1736326519,"exp":1736331346,"acr":"1","aio":"***","amr":["pwd","rsa"],"appid":"*application-ID from Azure AD*","appidacr":"1","deviceid":"***","family_name":"***","given_name":"***","ipaddr":"***","name":"***","oid":"***","onprem_sid":"***","rh":"***","scp":"User.Read","sub":"***","tid":"***","unique_name":"***","upn":"***","uti":"***","ver":"1.0"}

My SSO Configuration is as follows:

  1. Basic
  2. User data mappings
  • Retrieve from Access token
  • First name: given_name
  • Last name: family_name
  • Email: email
  • JWT field: oid
  3. Signature verification Public key discovery URL

Found the answer myself 🙂

  1. Signature verification Public key discovery URL

The discovery URL obviously needs to include the actual tenant reference, like the token issuer in my writing.

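An added example, not part of the original post and not Cumulocity's code, that checks the condition the answer describes: the tenant in the configured public key discovery URL should match the tenant in the token's `iss` claim. The function names, the sample tenant ID and the unsigned sample token are constructed for illustration; the `login.microsoftonline.com/<tenant>/discovery/keys` URL shape and the treatment of aliases such as `common` as a mismatch are assumptions.

```python
import base64
import json
from urllib.parse import urlparse

# Azure AD multi-tenant aliases: valid path segments, but not a specific tenant.
ALIASES = {"common", "organizations", "consumers"}
TENANT = "11111111-2222-3333-4444-555555555555"  # constructed sample tenant ID

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sample_token(tenant: str) -> str:
    """Constructed, unsigned token shaped like the one in the audit log."""
    header = {"typ": "JWT", "alg": "RS256", "kid": "sample"}
    claims = {"iss": f"https://sts.windows.net/{tenant}/", "tid": tenant, "ver": "1.0"}
    return ".".join(b64url(json.dumps(p).encode()) for p in (header, claims)) + ".sig"

def jwt_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def tenant_segment(url: str) -> str:
    """First path segment of the URL, where Azure AD puts the tenant."""
    parts = [p for p in urlparse(url).path.split("/") if p]
    return parts[0].lower() if parts else ""

def check_discovery_url(token: str, discovery_url: str) -> list[str]:
    """Return the problems found; an empty list means the tenants line up."""
    claims = jwt_claims(token)
    issuer_tenant = tenant_segment(claims.get("iss", ""))
    configured = tenant_segment(discovery_url)
    problems = []
    if urlparse(discovery_url).scheme != "https":
        problems.append("discovery URL is not https")
    if not configured or configured[0] in "{<*":
        problems.append("discovery URL has a placeholder where the tenant belongs")
    elif configured in ALIASES:
        problems.append(f"discovery URL uses alias '{configured}', issuer names {issuer_tenant}")
    elif configured != issuer_tenant:
        problems.append(f"discovery URL tenant {configured} != issuer tenant {issuer_tenant}")
    if claims.get("tid", issuer_tenant).lower() != issuer_tenant:
        problems.append("tid claim disagrees with the issuer tenant")
    return problems

if __name__ == "__main__":
    for url in (f"https://login.microsoftonline.com/{TENANT}/discovery/keys",
                "https://login.microsoftonline.com/common/discovery/keys"):
        print(url, "->", check_discovery_url(sample_token(TENANT), url) or "OK")
```

The payload is decoded without signature verification, so the result is only a configuration diagnostic and never a substitute for validating the token.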
