Blog

Somewhere over the course of the last 6 weeks, Microsoft has been making changes to where Office 365/Azure AD SaaS applications are managed. Just about everything that was once accessed in the Azure Classic Portal has been moved to the new Azure Portal (portal.azure.com).

This includes the management of Azure Active Directory, which was something that could only be accessed via the classic Azure Portal.

As of the publication date of this blog, both portals continue to be available to manage your Azure AD for your Office 365 Identities.

Old VS New

Old Azure SaaS Gallery

New Azure SaaS Gallery

The Problem

DMC ran into a problem for which there is no real fix available on the internet. When you clicked on any Azure App from the Azure SaaS Gallery, it would redirect to a page that displayed the loading page endlessly. If you looked closely in the URL, you would see the following text in the beginning section of the link:

access_denied&error_description=AADSTS65005%3a+Invalid+resource.+The+client+has+requested+access+to+a+resource+which+is+not+listed+in+the+requested+permissions+in+the+client%

The Fix

If this happens to you, the fix is below:

1. Log in to the new Azure Portal.
2. Go to Azure Active Directory.

3. Click on Enterprise Applications.
4. Click the application that gives the URL error above. Click Single Sign-on.
5. You will notice that it is set to Azure AD single sign-on disabled.

6. Change this to Password-based Sign-On.
7. Click Save.
8. Before testing again on the client side, you may need to close all browsers and empty your browser cache before trying to access the application again.
9. You're done!

Is That Really It?

We opened a ticket with Microsoft, and they acknowledged that this default setting of Disabled occurred in the transition of moving the SaaS apps to the new portal. Once it is set to Password-based Sign-On, it will not revert back again.

Please contact us at DMC if you have any questions.

Learn more about our Microsoft Consulting Services.