Azure AD Sign-in Error 50011

Active Directory Auditing Tool
Get Your Free Trial Free, fully functional 30-day trial
Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Account Management » Azure AD Sign-in Error 50011

Error 50011 - The reply address is missing, mis configured, or does not match reply addresses configured for the application.

About Azure Activity sign-in activity reports:

Azure Active Directory's reporting tool generates 'Sign-in activity' reports that give you insights on who has performed the tasks that are enlisted in the Audit logs.

  • All Sign-in activity reports can be found under the Activity section of Azure Active Directory.
  • The default list view of Audit logs can be customized by adding additional fields.
  • The reports can also be filtered to let you view only the activities that are relevant. 
  • Here is an example of how a sign-in activity report looks like:

    azure-ad-sign-in-error-code-50011

Error description:

The reply address is either missing, mis configured, or does not match the reply addresses configured for the application.

Cause:

The AssertionConsumerServiceURL value in the SAML request doesn't match the Reply URL value or pattern configured in Azure AD. The AssertionConsumerServiceURL value in the SAML request is the URL you see in the error.

Steps to ensure that the AssertionConsumerServiceURL value in the SAML request is matching the Reply URL value configured in Azure AD:

  • Open the Azure portal and sign in as a Global Administrator or Co-admin.
  • Open the Azure Active Directory Extension by clicking All services at the top of the main left-hand navigation menu.
  • Type in “Azure Active Directory” in the filter search box and select the Azure Active Directory item.
  • Click Enterprise Applications from the Azure Active Directory left-hand navigation menu.
  • Click All Applications to view a list of all your applications.If you do not see the application you want show up here, use the Filter control at the top of the All Applications List and set the Show option to All Applications.
  • Select the application you want to configure single sign-on
  • Once the application loads, click the Single sign-on from the application’s left-hand navigation menu.
  • Go to Domain and URLs section. Verify or update the value in the Reply URL textbox to match the AssertionConsumerServiceURL value in the SAML request.If you don't see the Reply URL textbox, select the Show advanced URL settings checkbox.

After you have updated the Reply URL value in Azure AD and it’s matching the value sends by the application in the SAML request, you should be able to sign in to the application.

Auditing Azure AD environments with ADAudit Plus:

ADAudit Plus offers change monitoring for your Azure AD environment with the following features:

  • Correlated view across hybrid environments
  • Real-time alerts
  • Schedulable reports
  • Autonomous change remediation
  • Comprehensive search
  • Out-of-the-box compliance reports