Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
gluizqueiroz
Resolver I
Resolver I

Error AADSTS50076 while trying to acquire token to embedded Power BI using JS API

‎05-28-2025 06:28 AM

I developed a new feature in my web portal that embedded Power BI Reports and it works fine in my PC, in "development enviorament", but when I publish to "homolog enviorament", the function that acquires token doesnt work properly and returns the following error:

{"error":"interaction_required","error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000009-0000-0000-c000-000000000000'. Trace ID: 81bf8680-6f0f-4a07-8859-54549ae00600 Correlation ID: c4c81d67-5401-4d62-80f7-e481bc4ccaf9 Timestamp: 2025-05-27 21:17:09Z","error_codes":[50076],"timestamp":"2025-05-27 21:17:09Z","trace_id":"81bf8680-6f0f-4a07-8859-54549ae00600","correlation_id":"c4c81d67-5401-4d62-80f7-e481bc4ccaf9","error_uri":"https://login.microsoftonline.com/error?code=50076","suberror":"basic_action"}

My request to acquireToken use the following structure:

POST https://login.microsoftonline.com/common/oauth2/token

$scope=openid
&resource=https://analysis.windows.net/powerbi/api
&client_id={clientId}
&username={email}
&password={password}
&grant_type=password
&client_secret={clientSecret}


I have been use this method for many years and in 5 different web portal and works fine.
I already created an "app" in Azure, made the configuration, give a lot of API Permissions in "app", grant admin consent.
How can I manage this error? This is because I need to use multi factor authentication to login? How can I acquire token and still use MFA? (I'm think the guy from IT does not allow me to remove MFA from account)

Labels:
Message 1 of 5
611 Views
0
1 ACCEPTED SOLUTION
gluizqueiroz
Resolver I
Resolver I
In response to v-pgoloju

‎05-30-2025 01:28 PM

Thanks for reply!

Interesting solutions and article about MSAL, I will study more about this in the future.
By now, I solved the problem releasing the MFA when the request comes from specific IPs adresses. My application is located in a specific and stable VM with static IP adress, so, every request to Azure, starts from the same IP adress, and only 1 IP, knowing this fact, I add the IP address at the following:

https://entra.microsoft.com/#view/Microsoft_AAD_AuthenticationMethods/MultifactorAuthenticationConfi...

And go to tab "Service config".

Thanks for replying and trying to help me.

View solution in original post

Message 5 of 5
488 Views
0
4 REPLIES 4
v-pgoloju
Community Support
Community Support

‎05-29-2025 07:19 PM

Hi @gluizqueiroz 

 

Thank you for reaching out to the Microsoft Fabric Forum Community.

 

You're using the ROPC flow, which doesn't support MFA, so it fails when your Azure AD enforces it.

To Fix without disabling MFA, Use MSAL.js with Authorization Code Flow (for user login) or Client Credentials Flow (for backend apps).
Both support MFA and comply with Azure AD policies.

 

Please refer for documentation.

https://learn.microsoft.com/en-us/entra/identity-platform/msal-overview


If this solution helped, please consider marking the response as accepted and giving it a thumbs-up so others can benefit as well.

 

Best regards,
Prasanna Kumar

 

Message 4 of 5
543 Views
0
gluizqueiroz
Resolver I
Resolver I
In response to v-pgoloju

‎05-30-2025 01:28 PM

Thanks for reply!

Interesting solutions and article about MSAL, I will study more about this in the future.
By now, I solved the problem releasing the MFA when the request comes from specific IPs adresses. My application is located in a specific and stable VM with static IP adress, so, every request to Azure, starts from the same IP adress, and only 1 IP, knowing this fact, I add the IP address at the following:

https://entra.microsoft.com/#view/Microsoft_AAD_AuthenticationMethods/MultifactorAuthenticationConfi...

And go to tab "Service config".

Thanks for replying and trying to help me.

Message 5 of 5
489 Views
0
v-pgoloju
Community Support
Community Support

‎05-28-2025 10:09 PM

Hi @gluizqueiroz,

 

Thank you for reaching out to the Microsoft Fabric Forum Community.

 

The error code AADSTS50076 typically indicates that Multi-Factor Authentication (MFA) is required due to a policy change or new sign-in location. This often occurs when using authentication flows that do not support MFA, such as the Resource Owner Password Credential (ROPC) grant.

 

To resolve this issue, please refer to the official Microsoft documentation here:

https://learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts50076


If this solution helped, please consider marking the response as accepted and giving it a thumbs-up so others can benefit as well.

 

Best regards,
Prasanna Kumar

 

Message 2 of 5
576 Views
0
gluizqueiroz
Resolver I
Resolver I
In response to v-pgoloju

‎05-29-2025 10:46 AM

Hello, Prasanna Kumar!
Thanks for the answer so far, but: How can I manage this error?

I need to check or uncheck something at Azure?
What I need to do to receive a token after request?
I need to disable MFA for the user? 

Message 3 of 5
554 Views
0

Helpful resources

Announcements
July 2025 community update carousel

Fabric Community Update - July 2025

Find out what's new and trending in the Fabric community.

July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

View All