JBFF
Regular Visitor

User Suddenly Cannot log into PBI

One of our clients can no longer log in. She goes through the normal motions of logging in to our client report portal through the provided app.

 

When she tries to log in, she immediately gets thrown back to the login screen. For example, she clicks sign in, then gets taken to the page to put in her email, she does, then it throws her back to the same page. When I try to log in as her, after putting in her email, I used to get thrown to a Google sign-in page, now I get an error 403 from a Google page.

 

Nothing has been changed on her account. I double checked her external account on our Azure AD, and she checks out (is in the correct group, has the appropriate PBI Pro license, RLS is correct).

 

Not sure what could be going on here.

1 ACCEPTED SOLUTION
JBFF
Regular Visitor

Apologies for the late update on this one. Clients were very slow to respond.

 

After a lengthy investigation by Microsoft, they discovered that our client's tenant no longer had a valid security token...meaning they completely forgot to renew their security certificate for their tenant. *facepalm*

 

Issue was completely on the client's end. Once they updated their certificate, our client was able to log in without any issues.

 

For reference, here's what Microsoft found: Key takeaway is "Unable to verify token signature"

 

What's happening here is: Customer is inviting user [Email redacted]. When this user tries to redeem the invitation, they hit SAML validation error.

AADSTSXXXXXX: Unable to verify token signature. No trusted realm was found with identifier 'https://accounts.google.com/o/saml2?idpid=XXXXXXX' 

But if we look up this user [Email redacted] in MSODS, turns out this is a valid user on an Azure AD tenant: Tenant-ID

 

_ObjectClass (1): User
_ObjectId (1): User-ID
UserPrincipalName (1): [Email redacted]
WindowsLiveNetId (1): XXXXXXXXXXXXXXXXX

Now the verified domain XXXXXXXX.com is federated with GSuite.

 

So, it looks like:

Customer inviting an account through organizational relationship with GSuite but the account itself is part of an Azure AD federated domain federated with G Suite in the first place.

Mr. XXXXX given the above scenario, could you help confirm if this invite process would work?
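
The root cause reported in the accepted answer was a federation certificate that was not renewed. As an added example (not part of the original thread and not Microsoft's or Google's tooling), these shell functions read the signing certificate from a SAML IdP metadata file and flag it when it falls inside a renewal window. The function names, the constructed sample metadata, `idp.example` and the 30-day window are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Requires the openssl CLI.

# Print the base64 body of an X509Certificate element (namespace prefix
# optional; the last one if the file has several).
extract_cert_b64() {
  tr -d '\r\n\t ' < "$1" |
    sed -n 's/.*<\([A-Za-z0-9]*:\)\{0,1\}X509Certificate>\([^<]*\)<.*/\2/p'
}

# Exit status: 0 = valid for more than $2 days (default 30),
# 1 = expired or expiring within that window, 2 = no parsable certificate.
check_idp_signing_cert() {
  days=${2:-30}
  b64=$(extract_cert_b64 "$1")
  [ -n "$b64" ] || return 2
  der=$(mktemp) || return 2
  printf '%s\n' "$b64" | openssl base64 -d -A > "$der" 2>/dev/null
  if ! openssl x509 -inform DER -in "$der" -noout -subject -enddate 2>/dev/null; then
    rm -f "$der"; return 2
  fi
  if openssl x509 -inform DER -in "$der" -noout -checkend $((days * 86400)) >/dev/null
  then rc=0; else rc=1; fi
  rm -f "$der"
  return "$rc"
}

# Constructed sample: metadata wrapping a throwaway self-signed certificate
# valid for $1 days. entityID and CN are placeholders, not a real IdP.
make_sample_metadata() {
  cert=$(openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
           -subj "/CN=constructed-idp.example" -days "$1" 2>/dev/null | sed '/-----/d')
  cat > "$2" <<EOF
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example/saml2">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:X509Data><ds:X509Certificate>
$cert
   </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>
EOF
}

# Demo: a certificate with 10 days left fails a 30-day renewal check.
tmp=$(mktemp) && make_sample_metadata 10 "$tmp"
check_idp_signing_cert "$tmp" 30 || echo "action needed: exit status $?"
rm -f "$tmp"
```

Run on a schedule against the metadata of each federated IdP, a non-zero exit status gives warning before sign-ins start failing signature validation.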

 

 


4 REPLIES 4

Hi @JBFF ,

 

Glad to hear that you have resolved your problem. Thank you for sharing this wonderful solution, we believe it can benefit more users.

 

We suggest you hide personal information such as the email address and information about the organization/tenant.

 

If you have any other questions about this scenario, please kindly ask here and we will try to resolve it.


Best regards,

 

Community Support Team _ Dong Li
If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.
v-lid-msft
Community Support

Hi @JBFF ,


Has this issue been resolved? Could you please provide more details about it if it is still not resolved? Please don't include any confidential information or real data in your reply.


Best regards,

 

Community Support Team _ Dong Li
If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.
GilbertQ
Super User

Are there any more error details or screenshots you could share?




Did I answer your question? Mark my post as a solution!

Proud to be a Super User!






