A set of users has been created manually. I have 3 users that belong to Entra and sign in with SSO. Those 3 users and another user (created manually) belong to a certain group (an Entra group). I have an impersonation policy that checks if the signed-in user belongs to this group; if it does, then the user is allowed to impersonate.
Sign in is not a problem and the same way of sign in is in the impersonation policy.
Now the problem: if the 4th user (the one that doesn't use SSO) wants to impersonate a user that logs in with SSO, we get the mentioned error message: "An account could not be found for the provided user ID." Also, when the user signs in using SSO but using the impersonation policy, we get the following error: "AADB2C99002: This user does not exist and profile 'AAD-UserReadUsingEmailAddress' requires the user to have already been created."
What am I doing wrong? The SSO users have been created already in Graph, and they can sign in.
asked Nov 16, 2024 at 14:20 by IriaAM

Comment: Other 3 users are created from Azure Portal? – Rukmini, Nov 18, 2024 at 3:31
1 Answer
The problem is that the signup is not done correctly for the user when using SSO, so it is not properly done; therefore the user doesn't exist.