Introduction
This article covers an error you may encounter after setting up HCP OIDC SSO with Azure AD and how to resolve it. You can find our instructions on how to set up HCP OIDC SSO with Azure AD.
Problem
After setting up HCP OIDC SSO with Azure AD, you may run into this error after entering your SSO email address in the email field on the sign-in page.
Cause
The error is caused by a misconfigured Issuer URL.
Solution
Please ensure that you have the correct Issuer URL set in your SSO settings. The default Issuer URL looks similar to the following URL. Replace AD_TENANT_ID with your "Directory (tenant) ID", which you can find in your App registration Properties.
https://login.microsoftonline.com/AD_TENANT_ID/v2.0
An alternative way to retrieve the Issuer URL is to go to App Registrations > Your App > Endpoints, copy the "OpenID Connect metadata document" URL, and open it in your browser. The value you are looking for is the "issuer" field of that document. OIDC issuer matching is an exact string comparison, so the Issuer URL you enter must match that value exactly, including the /v2.0 suffix and without a trailing slash.
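The following is an added example (not part of the original article or of any HCP or Azure tooling) that checks an Issuer URL the way the steps above describe: it builds the expected v2.0 issuer from a tenant ID, pulls the "issuer" field out of an OpenID Connect metadata document, and explains the common ways a configured value can be wrong (v1.0 sts.windows.net issuer, trailing slash, missing /v2.0, pasting the metadata document URL instead of the issuer). The metadata document and tenant ID are constructed samples; in practice you would fetch the document from the Endpoints page URL.

```python
"""Added example: validate the Azure AD Issuer URL used for HCP OIDC SSO.

Not code from the original article. The tenant ID and metadata document
below are constructed samples standing in for a real app registration.
"""
import json
import re
from urllib.parse import urlparse

# Constructed sample tenant ID (a real "Directory (tenant) ID" is a GUID).
SAMPLE_TENANT_ID = "11111111-2222-3333-4444-555555555555"

# Constructed, trimmed copy of what the "OpenID Connect metadata document"
# for a v2.0 endpoint returns; only the fields relevant here are included.
SAMPLE_METADATA = json.dumps({
    "token_endpoint": f"https://login.microsoftonline.com/{SAMPLE_TENANT_ID}/oauth2/v2.0/token",
    "authorization_endpoint": f"https://login.microsoftonline.com/{SAMPLE_TENANT_ID}/oauth2/v2.0/authorize",
    "jwks_uri": f"https://login.microsoftonline.com/{SAMPLE_TENANT_ID}/discovery/v2.0/keys",
    "issuer": f"https://login.microsoftonline.com/{SAMPLE_TENANT_ID}/v2.0",
})

# Assumption: Azure AD tenant IDs are GUIDs.
TENANT_ID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def expected_issuer(tenant_id: str) -> str:
    """Return the v2.0 Issuer URL for a tenant, as shown in the article."""
    if not TENANT_ID_RE.match(tenant_id):
        raise ValueError(f"not a Directory (tenant) ID: {tenant_id!r}")
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0"


def issuer_from_metadata(metadata_json: str) -> str:
    """Extract the 'issuer' field from an OpenID Connect metadata document."""
    doc = json.loads(metadata_json)
    if "issuer" not in doc:
        raise ValueError("metadata document has no 'issuer' field")
    return doc["issuer"]


def check_issuer(configured: str, tenant_id: str) -> list:
    """Compare a configured Issuer URL with the expected one.

    Returns an empty list when the value is correct, otherwise one finding
    per problem detected. Issuer matching in OIDC is an exact string
    comparison, so any deviation is a mismatch.
    """
    want = expected_issuer(tenant_id)
    if configured == want:
        return []
    findings = []
    u = urlparse(configured)
    if u.scheme != "https":
        findings.append("issuer must use https")
    if u.netloc == "sts.windows.net":
        findings.append("this is the v1.0 issuer (sts.windows.net); "
                        "use the login.microsoftonline.com/<tenant>/v2.0 form")
    elif u.netloc != "login.microsoftonline.com":
        findings.append(f"unexpected host {u.netloc!r}")
    if tenant_id not in configured:
        findings.append("tenant ID in the URL does not match the app "
                        "registration's Directory (tenant) ID")
    if configured.endswith("/"):
        findings.append("trailing slash: the issuer is compared as an exact string")
    if ".well-known/openid-configuration" in configured:
        findings.append("this is the metadata document URL, not the "
                        "'issuer' value inside it")
    elif "/v2.0" not in u.path:
        findings.append("missing /v2.0 suffix")
    if not findings:
        findings.append(f"issuer does not match expected value {want}")
    return findings


if __name__ == "__main__":
    # Compare the sample metadata's issuer with a few candidate settings.
    good = issuer_from_metadata(SAMPLE_METADATA)
    for candidate in (good, good + "/", f"https://sts.windows.net/{SAMPLE_TENANT_ID}/"):
        print(candidate, "->", check_issuer(candidate, SAMPLE_TENANT_ID) or "OK")
```

Run it against the Issuer URL you entered in the HCP SSO settings and the "issuer" value from the metadata document; an empty result means the two agree, and any finding names the specific fix.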