Hello,

We are trying to use Azure Access Control Service to authenticate our SharePoint Server 2013 hosted on Azure users with Azure Active Directory. The Azure Ad and the SharePoint Server 2013 farm are in different domains.

Followed steps from below TechNet article to configure this.

https://technet.microsoft.com/en-us/library/dn635311.aspx

1. Create a new Azure AD tenant and namespace.
2. Add a WS-Federation identity provider.
3. Add SharePoint as a relying party application.
4. Create a self-signed certificate to use for SSL.
5. Create a rule group for claims-based authentication.
6. Configure the X.509 certificate.
7. Create a claim mapping.
8. Configure SharePoint for the new identity provider.
9. Set the permissions.
10. Verify the new provider.

In Step 3 while adding SharePoint as a relying party application we have given URL of the SharePoint application in Realm and Return URL fields.

Then in step 5 created a Rule group to  pass name as upn

After all configuration, we changed the Authentication Provider for our SharePoint Web application to ACS provider and granted user (Azure AD user) permission to web application.

When we try to login to our SharePoint site using Azure AD accounts, it does not recognize it. Any idea how to troubleshoot and find out the possible cause of error?

Hi Aditya,

Did you run the PowerShell command to create the claim mapping?

In the script, you need to modify the values based on your settings.

Please use the correlation ID to get the detailed error message in ULS log for further research.

You can also set the realm and return URL as below shows to see if the issue still occurs:

In Realm enter urn:sharepoint:spvms

In Return URL enter your SharePoint web application URL followed by /_trust/, e.g. https://mywebsite.com/_trust/.

Thanks,

Victoria