-
Title
How to bypass the Azure AD detection during registration -
Description
This Knowledge based article will provide information on how to bypass Azure AD detection during registration for starling cloud platform -
Cause
Referencing KB article, Starling Cloud Platform will leverage Azure tenants for Single Sign On (262181), Starling Cloud Platform has a built-in security feature where it can auto-detect an Azure AD tenant based on the email address. Instead of creating a new account and storing a password on the Starling Cloud Platform it redirects the login attempt to your corporate Azure tenant.
However, in the case when AAD is not configured correctly or if Starling have incorrectly detected that an AAD instance is available, users who are being prompted to register using AAD will not be able to authenticate
-
Resolution
WORKAROUND :
To work around, use the below link
For new organizations Use the following URL replacing the email address with your own:
https://www.cloud.oneidentity.com/Register?starlingUser=your.email@company.com
For invites to an existing organization Copy the unique invite link from the invitation email and change `login_hint` query parameter to `starlingUser` so that it looks like the following:
The result of using the above links will be the same as where there is no Azure AD domain for the user (Starling will instead use Azure B2C to register and authenticate the user).
This can show in the STS logs with a message with a null TenantBrandingInfo: AAD query returned: {"NameSpaceType":"Managed","Login":"your.email@company.com","DomainName":"company.com","FederationBrandName":"company.com","TenantBrandingInfo":null,"cloud_instance_name":"microsoftonline.com"}