-
Notifications
You must be signed in to change notification settings - Fork 12
FAQ
- How do I address the your account does not have access to this data error?
- How do I fix AADSTS50011: The reply UR specified in the request does not match the reply URLs configured for the application?
- What should I do if the Partner Smart Office Admins role is missing?
- Why do I receive an access denied message when attempting to access the portal?
There are two reasons this error could occur. The first reason is that the customer has revoked your access to their tenant. The second possibility is that the Microsoft Graph service principal is missing from the customer's Azure AD tenant.
How do I fix AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application?
The Azure AD application being used for portal authentication does not have a valid reply URL specified. One of the reply URL values should be http://.azurewebsites.net/signin-oidc, perform the following to add this configuration
- Login to https://portal.azure.com and click on the Azure Active Directory icon found on the left
- Click on App registration and choose All apps from the dropdown
- Click the application that was created for the web portal and then click settings
- Click Reply URLs, then add http://.azurewebsites.net/signin-oidc, and click save. Be sure to add the appropriate URL.
The Partner Smart Office Admins role is used to authorize users access to the web portal that manages the environments. If this role is missing then no user will be able to manage the environments. Peform the following to add the missing role
-
Open an instance of PowerShell and install the Azure AD cmdlets by invoking the following cmdlet
# This step can be skipped if you already have this module installed Install-Module AzureAD
-
Execute the PowerShell cmdlets below
# When prompt you will need to enter credentials that have global admin privileges Connect-AzureAD $adminAppRole = [Microsoft.Open.AzureAD.Model.AppRole]@{ AllowedMemberTypes = @("User"); Description = "Administrative users the have the ability to perform all Smart Office operations."; DisplayName = "Partner Smart Office Admins"; IsEnabled = $true; Id = New-Guid; Value = "Admins"; } # Note the following value can be found in the Azure management portal. Also, it should be a GUID with no trailing spaces. $appId = Read-Host -Prompt "What is the application identifier for the application you would like to configure?" $app = Get-AzureADApplication -Filter "AppId eq '$($appId)'" Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles @($adminAppRole)
The portal leverages Azure AD application roles for authorization to the portal. You are receiving this message because the account you are using to access the portal has not been assigned the Partner Smart Office Admins role. Perform the following to assign users to the role
- Login to https://portal.azure.com and click on the Azure Active Directory icon found on the left
- Click on App registration and choose All apps from the dropdown
- Click the application that was created for the web portal and then click the link under the Managed application in local directory text
- Click Users and groups, then click Add user, and the complete the wizard