Cloud Managed Networks

 View Only

  • 1.  CloudAuth with Microsoft Entra ID one user authentication reject

    Posted Jul 25, 2025 08:37 AM

    Hi all,

    thank you in advance.

    I use Aruba central Cloud Auth associated to Microsoft Entra ID (Azure AD) to associates to an SSID. The system is AOS 10 and is running since  2 years. 

    From 7 days just one user cannot autenticate any more.  Before it was working properly. From Central the user receive Error: "Unauthorized: reject_by_external_auth".

    We duoble check the config in Azure AD and the config is ok: the user is member of a group shared with central, the group is connected to a role in Central/Security/Auth&Policy/user access policy

    Other users of the same group work properly.

    Just tried to move the users to other groups

    Could you share some to check I should do in Central and Azure AD.



  • 2.  RE: CloudAuth with Microsoft Entra ID one user authentication reject

    Posted Jul 25, 2025 10:23 AM

    The best is to open a TAC case so they can analyze why this is not working. There are normally two checks done

    1. Does the user account exists and is it enabled?
    2. Group membership


    ------------------------------
    Willem Bargeman
    Systems Engineer Aruba
    ACEX #125
    ------------------------------

    Original Message


  • 3.  RE: CloudAuth with Microsoft Entra ID one user authentication reject

    Posted Jul 28, 2025 03:25 AM

    Did you verify that the Application Registration and Client Secret are still active and not expired?

    Please let us know when you found the issue what it was to help others.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 4.  RE: CloudAuth with Microsoft Entra ID one user authentication reject

    Posted Jul 28, 2025 09:42 AM

    Hi all,

    thank you very much for your help.

    I have a case opened with TAC but we still have the issue.

    Hi all,

    thank you very much for your help.

    I have a case opened with TAC but we still have the issue.

    My tests (some indicated by TAC):

    - The user does exists in O365, it works properly in other application with O365 authentication.
    - Other users of the same group work properly (they can connect to the Wi-Fi).
    - I have created a new O365 group with associated Role in Central: the group works properly for an existing user and a new user but not for the users with the issue.
    - TAC asked me to:
        1- Forget the WLAN (doing so i don't see anymore the wlan profile using cmd: )
        2- Delete the certificate from Windows11, Delete Aruba Onboard APP
        3- Reinstall  Aruba Onboard APP and the download the certificate
        -> Did the test but I still have the issue

    In 365 I just see success event" for the user with the issue.

    It seems to be an users issue, because other users are ok, please do you know about something I should check in O365?


    Original Message


Related Content