How do I fix SAML error AADSTS75011: Authentication method mismatch?

In this article:

  • Issue description

  • Prerequisites

  • Possible causes

  • Resolution

  • How to reach support

  • Related topics and articles

Issue description  

When attempting to log in via SAML, authentication fails with the following error message: AADSTS75011: Authentication method ‘MultiFactor, FIDO’ by which the user authenticated with the service doesn’t match the requested authentication method ‘Password, ProtectedTransport’.

Prerequisites  

  • You must have access to the ADAudit Plus web console with the built-in administrator account.

  • You need to know if the ADAudit Plus backend database is PGSQL or MSSQL.

  • If using MSSQL, you need a database management tool and credentials to connect to the ADAudit Plus database.

  • You must have permissions to restart the ADAudit Plus service.

Possible causes  

The SAML authentication context requested by ADAudit Plus is too specific and does not match the modern authentication methods (like MFA or FIDO) being enforced by the identity provider (IdP).
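The mismatch can be reproduced with the SAML matching rule itself. The following is an added example, not ADAudit Plus or Microsoft code: it parses a constructed AuthnRequest, applies the RequestedAuthnContext "exact" comparison that produces AADSTS75011, and shows that a request for Unspecified accepts an MFA sign-in. The class reference `http://schemas.microsoft.com/claims/multipleauthn` is assumed to be what Entra ID reports after MFA.

```python
# Added example, not ADAudit Plus or Microsoft code. It models the SAML
# RequestedAuthnContext 'exact' comparison behind AADSTS75011 and shows why
# switching the SP's requested class to Unspecified accepts an MFA login.
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
UNSPECIFIED = AC + "Unspecified"
ENTRA_MFA = "http://schemas.microsoft.com/claims/multipleauthn"  # Entra MFA class ref (assumption)

def requested_context(authn_request_xml):
    """Return (Comparison, [class refs]) from an SP's AuthnRequest."""
    root = ET.fromstring(authn_request_xml)
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return "exact", []
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS)]
    return rac.get("Comparison", "exact"), refs

def context_satisfied(comparison, requested, asserted):
    """'exact': the IdP's asserted class must be one of the requested classes.
    No RequestedAuthnContext, or only Unspecified, accepts any method.
    'minimum'/'better'/'maximum' need an IdP-specific strength ordering,
    so they are rejected here rather than guessed."""
    if not requested or requested == [UNSPECIFIED]:
        return True
    if comparison != "exact":
        raise ValueError("unsupported Comparison: " + comparison)
    return asserted in requested

def build_request(class_ref):
    """Constructed minimal AuthnRequest carrying one requested class."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_c1" Version="2.0">'
        '<samlp:RequestedAuthnContext Comparison="exact">'
        '<saml:AuthnContextClassRef>%s</saml:AuthnContextClassRef>'
        '</samlp:RequestedAuthnContext></samlp:AuthnRequest>'
        % (NS["samlp"], NS["saml"], class_ref))

def check(sp_class_ref, idp_class_ref):
    """True if an IdP login asserting idp_class_ref satisfies the SP's request."""
    comparison, requested = requested_context(build_request(sp_class_ref))
    return context_satisfied(comparison, requested, idp_class_ref)

if __name__ == "__main__":
    # Before the fix: SP requests PasswordProtectedTransport, user did MFA.
    print(check(AC + "PasswordProtectedTransport", ENTRA_MFA))  # False -> AADSTS75011
    # After the fix (SAML_AUTHN_CONTEXT = Unspecified): any IdP method passes.
    print(check(UNSPECIFIED, ENTRA_MFA))  # True
```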

Resolution  

To resolve this issue, you'll need to execute an SQL query to change the SAML authentication context to "Unspecified," which allows the IdP to use any valid authentication method.

Step 1: Identify the database type  

  1. Log in to ADAudit Plus using the built-in administrator account.

  2. Navigate to the Support tab. Under Support Info, click More.

  3. In the Machine Details section, identify the type of database used by ADAudit Plus (either PGSQL or MSSQL).

Step 2: Execute the update query  

Based on your database type:

  • If ADAudit Plus is using a PGSQL database:

      ◦ In the same Support window, under the Query Execution pane, execute the following query:

        update adsproductparams set param_value='urn:oasis:names:tc:SAML:2.0:ac:classes:Unspecified' where param_name='SAML_AUTHN_CONTEXT ';

  • If ADAudit Plus is using an MSSQL database:

      ◦ Execute the same query using a database management tool connected to the ADAudit Plus database.

In either case the update should report one row affected; if it reports zero rows, check the param_name value stored in the adsproductparams table before restarting the service.

Step 3: Restart the ADAudit Plus service  

Once the query is successfully executed, restart the ADAudit Plus service for the changes to take effect.

Note: Troubleshooting DML Query Error  

If you encounter the following error when running the query in the UI, follow these steps:

Error executing query: "You are not allowed to run DML queries. Please use native tool"

  1. Log back in to ADAudit Plus using the admin account.

  2. Navigate to the Support tab. Under Support Info, click More.

  3. Under Enable/Disable Configuration, enable the option Run DML Query.

  4. Now, retry running the SQL query in the Query Execution pane.
How to reach support  

If the issue persists after following these steps, please contact our support team for further assistance.

Related topics and articles  

  • [To be added]