When you log into Microsoft's Azure Active Directory (AAD) with your username and password, you may get an error message like this one: Application with identifier
To fix the logon problem, edit the app registration’s Application ID URI and enter the new entityID for Safeguard for Privileged Passwords from the SAML metadata.
4. Select and copy the value of the entityID attribute.
5. Go to the Microsoft Azure portal and click the Edit link to update the corresponding app registration’s Application ID URI with the value you copied.
1. In the Windows Event Viewer on the AD FS server, look in the AD FS Admin log for an entry like:
Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'https://f352d4ad93db4be5f27c6355b1c8b7783d59e5bc/' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
2. Edit the Relying Party Trust for the corresponding application in the AD FS Management program.
a. Open a web browser and go to:
b. Select and copy the value of the entityID attribute:
c. Edit the properties of the corresponding Relying Party Trust in the AD FS Management program and go to the Identifiers tab.
d. On the Identifiers tab, paste the new identifier value, click Add, and then remove the old value.
3. Update the signing certificate that AD FS has a copy of for this application.
a. Open your web browser and go to:
b. Note the certificate file that is automatically downloaded, or follow the prompts to download the file.
4. Return to the AD FS Management program.
a. From the application’s properties, go to the Signature tab.
b. Add the new certificate.
c. Delete the old certificate.
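To cross-check the values copied in the steps above before changing the Relying Party Trust, the following added example (not part of the original article and not Safeguard or AD FS code) parses a saved copy of SAML metadata and returns the entityID plus the SHA-1 thumbprint of each signing certificate the metadata carries, for comparison with the thumbprint the Windows certificate viewer shows. The sample metadata, its entityID and its certificate bytes are constructed placeholders, and `read_sp_metadata` is a hypothetical helper name.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: the entityID is made up and the "certificates" are
# placeholder bytes, not real X.509 structures.
SIGNING_DER = b"constructed-signing-cert-bytes"
ENCRYPT_DER = b"constructed-encryption-cert-bytes"
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{NS['ds']}"
    entityID="urn:example:constructed-entity-id">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   {base64.b64encode(ENCRYPT_DER).decode()}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   {base64.b64encode(SIGNING_DER).decode()}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def read_sp_metadata(xml_text):
    """Return (entityID, SHA-1 thumbprints of the signing certificates)."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("expected a single md:EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("entityID attribute missing")
    thumbprints = []
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' applies to signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            # SHA-1 only to match the thumbprint Windows displays.
            thumbprints.append(hashlib.sha1(der).hexdigest().upper())
    return entity_id, thumbprints


if __name__ == "__main__":
    print(read_sp_metadata(SAMPLE_METADATA))
```

The returned entityID must match the identifier configured on the Relying Party Trust character for character, including any trailing slash.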
For more general information, see the section "How do I create a relying party trust for the STS" in the Safeguard for Privileged Passwords Administration Guide. The topic includes links to other Knowledge Base articles on configuring Relying Party Trusts for Microsoft's AD FS and Microsoft's Azure AD.