SAP Knowledge Base Article - Public

3210639 - SSO Error "AADSTS650056 - Misconfigured application"


You receive the following error while setting Single Sign On:

"Error AADSTS650056 - Misconfigured application. This could be due to one of the following: the client has not listed any permissions for '{name}' in the requested permissions in the client's application registration. Or, the admin has not consented in the tenant. Or, check the application identifier in the request to ensure that it matches the configured client application identifier. Or, check the certificate in the request to ensure it's valid. Please contact your admin to fix the configuration or consent on behalf of the tenant. Client app ID: {id}. Please contact your admin to fix the configuration or consent on behalf of the tenant."


SAP Cloud for Customer

Reproducing the Issue

  1. Go to Administrator Work center.
  2. Open Common Tasks View.
  3. Select "Configure Single Sign On".
  4. Go to tab "My system".


 The Issuer attribute sent from the application to Azure AD in the SAML request doesn’t match the Identifier value configured for the application in Azure AD.


Ensure that the Issuer attribute in the SAML request matches the Identifier value configured in Azure AD.

Verify that the value in the Identifier textbox matches the value for the identifier value displayed in the error.

For more information about the Issuer attribute, see Single Sign-On SAML protocol.

Complete content


SSO, Error, AADSTS650056, Misconfigured application, Testing, Setting , KBA , LOD-CRM-SEC , Security Topics , How To


SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications 2202