Microsoft Entra ID SSO Troubleshooting

Hi all,

Is the ZeroTier single-sign-on feature compatible with Microsoft Entra ID?

I want ZeroTier to authenticate against an Azure AD / AADDS tenant, but I’m getting the error described here.

Unable to update SSO information. Please verify your requested issuer URL contains a “.well-known/openid-configuration” and matches the issuer URL reported by the “.well-known/openid-configuration” including any trailing slashes.

This ZeroTier portal error is not actionable and the Azure logs don’t have a corresponding record, the app registration method described here doesn’t work, and the Azure AD documentation is sparse.

My ZeroTier installation is pre-production so I can easily troubleshoot or do configuration experiments.

TLDR: The solution is adding API Permissions for OpenID to the Azure App Registration for ZeroTier. Root cause is OpenID being disabled by default in new registrations.

A configuration walkthrough for Microsoft Entra ID is available here, which is too long to paste into this forum.
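To rule out the issuer mismatch named in the portal error before looking at the app registration, the comparison can be run by hand. This is an added example, not code from ZeroTier or from the original posts; it follows the exact-match rule of OpenID Connect Discovery 1.0, and the tenant ID and discovery document below are constructed placeholders.

```python
import json

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample values (placeholder tenant ID, not a real tenant).
REQUESTED = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0"
SAMPLE_DOC = json.dumps({
    "issuer": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0",
    "scopes_supported": ["openid", "profile", "email"],
})


def discovery_url(issuer):
    """Build the discovery URL: drop one terminating slash, append the well-known path."""
    base = issuer[:-1] if issuer.endswith("/") else issuer
    return base + WELL_KNOWN


def check_issuer(requested, discovery_doc):
    """Compare the requested issuer with the one the discovery document reports.

    Returns a list of problems; an empty list means the strings match exactly.
    """
    try:
        doc = json.loads(discovery_doc)
    except json.JSONDecodeError:
        return ["discovery document is not valid JSON"]
    reported = doc.get("issuer") if isinstance(doc, dict) else None
    if not isinstance(reported, str):
        return ["discovery document has no 'issuer' string"]
    if requested == reported:
        return []
    # The match is a plain string comparison, so classify the near misses.
    if requested.rstrip("/") == reported.rstrip("/"):
        return ["trailing slash differs: requested %r, reported %r" % (requested, reported)]
    if requested.lower() == reported.lower():
        return ["letter case differs: requested %r, reported %r" % (requested, reported)]
    return ["issuer differs: requested %r, reported %r" % (requested, reported)]


if __name__ == "__main__":
    print("fetch:", discovery_url(REQUESTED))
    for candidate in (REQUESTED, REQUESTED + "/"):
        print(candidate, "->", check_issuer(candidate, SAMPLE_DOC) or "match")
```

To use it against a real tenant, save the JSON returned by the printed discovery URL and pass its text as `discovery_doc`.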
