Microsoft Entra ID SSO Troubleshooting

dajhorn · November 30, 2023, 3:00pm

Hi all,

Is the ZeroTier single-sign-on feature compatible with Microsoft Entra ID?

I want ZeroTier to authenticate against an Azure AD / AADDS tenant, but I’m getting the error described here.

Unable to update SSO information. Please verify your requested issuer URL contains a “.well-known/openid-configuration” and matches the issuer URL reported by the “.well-known/openid-configuration” including any trailing slashes.

This ZeroTier portal error is not actionable and the Azure logs don’t have a corresponding record, the app registration method described here doesn’t work, and and the Azure AD documentation is sparse.

My ZeroTier installation is pre-production so I can easily troubleshoot or do configuration experiments.

dajhorn · November 30, 2023, 6:43pm

TLDR: The solution is adding API Permissions for OpenID to the Azure App Registration for ZeroTier. Root cause is OpenID being disabled by default in new registrations.

A configuration walkthrough for Microsoft Entra ID is available here. which is too long to paste into this forum.

system · December 30, 2023, 6:44pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.