Authentication method by which the user authenticated with the service doesn't match requested authe

Moses E Ali
Tera Contributor

Hi,

 

Is there anything we can do about this within SNOW? As devices on the “new” tenant are cloud joined, our options within Azure are limited as Msft handles Windows Hello for Business. For the old tenant, devices were Hybrid joined and local AD managed Windows Hello for Business.

Basically, what happens is, if the user signs in with their “password”, they can log into SNOW PROD “automatically” with SSO. If they sign into their laptop using Biometrics (PIN or fingerprint), it will fail. They get the error below.

For DEV and TEST, as “Auto-redirect Idp” is disabled for the Identity Provider, SSO will work when entering their email address manually (external login) when using Biometrics to sign into Windows.

 

We are currently migrating users' devices to the new tenant post Domain migration, and the current workaround is to use an Incognito browser session or log into Windows with password, which is not ideal for the user.

Error - AADSTS75011 Authentication method by which the user authenticated with the service doesn't m...

1 ACCEPTED SOLUTION

Randheer Singh
ServiceNow Employee

Hi @Moses E Ali ,
Could you please elaborate more about the issue you are facing? When Auto-redirect IdP is not set users need to provide an identifier like email/User Id. Based on the identifier users get redirected to IdP that is associated with their own user record/company record.

 

If we want users to get redirected to a particular IdP by setting auto-redirect IdP, you can create a URL with a pattern like this "/login_with_sso.do?glide_sso_id=<sys_id_of_your_idp>".

2 REPLIES


Randheer, thank you for the answer. It appears it was more of an issue with auto-redirect URL.
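
A diagnostic for reproducing the AADSTS75011 error discussed above, added here as an example and not part of the thread or of ServiceNow's code: it decodes the `SAMLRequest` parameter of a captured login redirect and reports which authentication method the service provider asked the IdP for. It assumes the HTTP-Redirect binding and a `RequestedAuthnContext` element in the request (the thread does not show the request); the sample URL, host name and request ID are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML_BYTES = 64 * 1024  # an AuthnRequest is small; cap the inflated size


def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in an HTTP-Redirect binding URL."""
    values = parse_qs(urlparse(url).query).get("SAMLRequest")
    if not values:
        raise ValueError("no SAMLRequest parameter in URL")
    inflater = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
    xml = inflater.decompress(base64.b64decode(values[0]), MAX_XML_BYTES)
    if inflater.unconsumed_tail:
        raise ValueError("AuthnRequest larger than expected")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD not allowed in a SAML message")
    return xml


def requested_authn_context(xml):
    """Return (comparison, [class refs]), or None if the SP requests no method."""
    rac = ET.fromstring(xml).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None
    refs = [e.text.strip()
            for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    # SAML 2.0 treats a missing Comparison attribute as "exact".
    return rac.get("Comparison", "exact"), refs


def build_sample_url(class_ref=None):
    """Constructed sample redirect; idp.example and the ID are placeholders."""
    rac = ""
    if class_ref:
        rac = ('<samlp:RequestedAuthnContext Comparison="exact">'
               f"<saml:AuthnContextClassRef>{class_ref}"
               "</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>")
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" '
           f'xmlns:saml="{NS["saml"]}" ID="_constructed" Version="2.0">'
           f"{rac}</samlp:AuthnRequest>")
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example/saml2?" + query
```

A result such as `("exact", [...PasswordProtectedTransport])` means the service provider is asking for password authentication specifically, which is the kind of request that a PIN or fingerprint sign-in cannot satisfy.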