We have identified an issue on the Microsoft side where their authentication endpoint is incorrectly redirecting some requests to a legacy test application, resulting in the error code AADSTS650059, as shown in the screenshot below. This applies to all Egnyte domains currently configured with a global Microsoft Entra (Azure AD) SSO identifier.
While we are working directly with Microsoft engineering to resolve this underlying behavior, we are recommending the following proactive update to ensure this issue does not impact your Egnyte domain.
How to Update the Configuration
To restore or ensure stable authentication, domain administrators must switch from the "global identifier" to a "domain-specific identifier" by following these two steps:
Step 1: Update Settings in Egnyte
- Log in to your Egnyte domain as an Administrator.
- Navigate to Settings > Configuration > Security & Authentication.
- Locate your SAML Single Sign-On configuration.
- Find the setting "Use domain-specific issuer value" and set it to Enabled (or "On").
- Save your changes.
Step 2: Update Settings in Microsoft Entra (Azure AD)
- Log in to your Microsoft Entra admin center.
- Go to Enterprise Applications and select your Egnyte application.
- Navigate to Single Sign-On settings.
- Under Basic SAML Configuration, locate the Identifier (Entity ID).
- Replace the global value https://saml-auth.egnyte.com/ with your specific domain URL: https://<your-domain>.egnyte.com/ or custom access URL (if any).
- Save the configuration in Microsoft Entra.
For detailed instructions, see the helpdesk article: Azure Single Sign On Configuration Guide
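To confirm both steps took effect, an administrator can decode the SAMLRequest from a sign-in redirect and compare its Issuer with the Identifier (Entity ID) entered in Entra. The following is an added example, not Egnyte or Microsoft code; it assumes SP-initiated sign-in with the SAMLRequest carried in the URL query, and the idp.example URL and example-corp domain are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

GLOBAL_ISSUER = "https://saml-auth.egnyte.com/"  # global identifier named on this page
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml_request(value: str) -> bytes:
    """Base64-decode a SAMLRequest and inflate it if it was DEFLATE-compressed."""
    raw = base64.b64decode(value)
    try:
        return zlib.decompress(raw, -15)  # raw DEFLATE, as used by HTTP-Redirect
    except zlib.error:
        return raw  # not compressed (HTTP-POST binding)

def issuer_from_url(sign_in_url: str) -> str:
    """Return the <saml:Issuer> text carried in the URL's SAMLRequest parameter."""
    query = parse_qs(urlparse(sign_in_url).query)
    root = ET.fromstring(decode_saml_request(query["SAMLRequest"][0]))
    issuer = root.find("saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest carries no Issuer")
    return issuer.text.strip()

def check_issuer(sign_in_url: str, entra_identifier: str) -> str:
    """Compare the Issuer Egnyte sends with the Identifier (Entity ID) in Entra."""
    issuer = issuer_from_url(sign_in_url)
    if issuer == GLOBAL_ISSUER:
        return "global"    # Step 1 not applied: still the global identifier
    if issuer != entra_identifier:
        return "mismatch"  # Step 2 value differs from what Egnyte sends
    return "ok"

def sample_url(issuer: str) -> str:
    """Constructed sign-in redirect for the demo; idp.example is a placeholder."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" '
           f'Version="2.0"><saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = deflater.compress(xml.encode()) + deflater.flush()
    return "https://idp.example/saml2?" + urlencode(
        {"SAMLRequest": base64.b64encode(packed).decode()})

if __name__ == "__main__":
    mine = "https://example-corp.egnyte.com/"  # constructed domain-specific value
    for sent in (GLOBAL_ISSUER, mine):
        print(sent, "->", check_issuer(sample_url(sent), mine))
```

The comparison is an exact string match, so a missing trailing slash in either setting is reported as a mismatch.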
Important Note
If your administrators are currently unable to log in to Egnyte to perform Step 1, please contact Egnyte Support immediately, or email support@egnyte.com. Our team can assist with regaining access and reconfiguring SSO for the domain.