3242514 - AADSTS50011 error occurs after redirection to Microsoft Entra ID (Azure AD) as Corporate Identity Provider

Identity Authentication acts as a proxy to delegate the authentication to Microsoft Entra ID (Azure AD) as corporate identity provider.

After redirection to Microsoft Entra ID (Azure AD), one of the following errors occur:

• AADSTS50011: The reply URL 'https://<tenant ID>.accounts.cloud.sap/saml2/idp/acs/<tenant ID>.accounts.ondemand.com' specified in the request does not match the reply URLs configured for the application '<Application Name>'. Make sure the reply URL sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/urlMismatchError to learn more about how to fix this.
  
  
• AADSTS50011: The reply URL 'https://<tenant ID>.accounts.ondemand.com/saml2/idp/acs/<tenant ID>.accounts.ondemand.com' specified in the request does not match the reply URLs configured for the application '<Application Name>'. Make sure the reply URL sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/urlMismatchError to learn more about how to fix this.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

SAP Cloud Identity Services

Identity Authentication Service

CIS, IAS, AADSTS50011, Azure, Entra, ID, Microsoft, CSD, Common Super Domain, Identity Authentication, error, fail, AD, active directory , KBA , BC-IAM-IDS , Identity Authentication Service , Problem