A set of users have been created manually. I have 3 users that belong to Entra and sign in with SSO. Those 3 users and another user (created manually)) belong to certain group (Entra group). I have an impersonation policy that checks if the signed in user belongs to this group, if it does, then the user is allowed to impersonate.

Sign in is not a problem and the same way of sign in is in the impersonation policy.

Now the problem: if the 4th user (the one that doesn't SSO), wants to impersonate a user that logs in with SSO, we get the mentioned error message: An account could not be found for the provided user ID. Also, when the user signs in using sso but using the impersonation policy, we get the following error: AADB2C99002: This user does not exist and profile 'AAD-UserReadUsingEmailAddress' requires the user to have already been created.

What am I doing wrong? the sso users have been created already in Graph, and they can sign in

A set of users have been created manually. I have 3 users that belong to Entra and sign in with SSO. Those 3 users and another user (created manually)) belong to certain group (Entra group). I have an impersonation policy that checks if the signed in user belongs to this group, if it does, then the user is allowed to impersonate.

Sign in is not a problem and the same way of sign in is in the impersonation policy.

Now the problem: if the 4th user (the one that doesn't SSO), wants to impersonate a user that logs in with SSO, we get the mentioned error message: An account could not be found for the provided user ID. Also, when the user signs in using sso but using the impersonation policy, we get the following error: AADB2C99002: This user does not exist and profile 'AAD-UserReadUsingEmailAddress' requires the user to have already been created.

What am I doing wrong? the sso users have been created already in Graph, and they can sign in

• single-sign-on
• azure-ad-b2c-custom-policy
• user-accounts

Share Improve this question Follow asked Nov 16, 2024 at 14:20 IriaAMIriaAM 2544 bronze badges 1

• Other 3 users are created from Azure Portal? – Rukmini Commented Nov 18, 2024 at 3:31

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

the problem is that the signup is not done correctly for the user when SSO, so it is not properly done, therefore the user doesn't exist.