saltstack-admin

I was today finally able to try this out and got the same experience as @SimbiotVenom : 1. It is really weird 2. It is not intuitiv 3. You must...

> Fact is that IMHO the ability to use the fingerprint reader should be explicitly allowed by the system administrator, and likely it should be disabled by default in an...

Hello, that is the problem, before I created the issue, we triple-checked our configuration. Our application registration has permissions for "Microsoft Graph" with "GroupMember.Read.All", "openid" and "User.Read" as type "Delegated"....

Hi, got screenshots from our MS Admins. Picture 1 shows the API permissions and picture 2 shows the authentication permissions.  

I forwarded your suggestion and your question to our MS Admins. About your last question: I do not get any requested permissions? The documentation does not have screenshots for comparison....

> You are right, contrary to other providers, MSEntraID doesn’t show the admin approved delegated permissions to the user. So, that doesn’t help us that much on the debugging front....

> We can’t reproduce the issue here. There is no additional debugging that could help after searching on the documentation. The seems I’m surprised about as you are using the...

> Quick update: We believe that this issue is fixed via [ubuntu/authd-oidc-brokers#135](https://github.com/ubuntu/authd-oidc-brokers/pull/135). The fixed version is currently only available on the [edge channel](https://github.com/ubuntu/authd/wiki/06--Troubleshooting-reference#switch-the-snap-to-the-edge-channel) of the authd-msentraid snap. It would help...

I asked my colleagues, they said yes and provided me this screenshot: 

Hi, > @saltstack-admin: Did you also double check that the app in that screenshot is the one that's configured via the `client_id` option in `/var/snap/authd-msentraid/current/broker.conf`? Yes, we did. Today I...