
Is there any reason why the Azure AD login is not redirecting back to the mobile app after successful MFA authentication with Azure AD?

Our app is built in Ionic Capacitor, and the plugin that connects to the Azure AD authentication is the Auth Connect plugin.

I checked the application's config and it seems fine.

It only happens to some users.

They are stuck in this view after login validation succeeds.


EDIT:

I just noticed that this issue occurs when there is another app that uses Microsoft Online for login authentication.

The browser asks which app the authentication should redirect to, which I believe some users are experiencing as well, although the pop-up that asks which app the authentication will redirect to is not displayed on their side.

aj go

1 Answer


The "unauthorized error" usually occurs if the users don't have access to the Application or if any policy is restricting the users from logging in.

To resolve the error, try the below:

  • Check whether the users have access to the Application:

Go to Enterprise Application -> Your App -> Users and Groups


  • Check whether the MFA is enabled or not. Enable it like below and test the secondary factor prompt during a sign-in event.

Go to Azure Portal -> Security -> Conditional Access -> Create New Policy

If the issue still persists, check whether there is any organizational-level policy that is restricting some users.

Also check whether SSO is enabled for users and whether cookies are causing the issue.

If you are using ASP.NET Core Identity, try disabling the protection by configuring cookies using the below code:

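// SameSite=None allows the cookie on cross-site requests; browsers only
// accept such cookies when they are also marked Secure (sent over HTTPS).
services.ConfigureExternalCookie(options =>
{
    // Other options
    options.Cookie.SameSite = SameSiteMode.None;
});
services.ConfigureApplicationCookie(options =>
{
    // Other options
    options.Cookie.SameSite = SameSiteMode.None;
});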

Reference:

Azure active directory ioS redirection issue by Kartik Bhiwapurkar

Imran
  • Hi Imran, we aren't using .NET in our mobile app, but the configuration we have is properly set on it. Also, the user has MFA enabled. – aj go Dec 09 '22 at 03:42
  • Also, I just noticed that when I install an app that uses Microsoft login on the web, as soon as it redirects back, it first asks which app to open, which I think is the same for some of our users, although the popup that suggests the app is not displayed on their side. – aj go Dec 09 '22 at 03:47
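
A check for the situation described in the question's EDIT and the last comment, where a second installed app can receive the login redirect. This is an added example, not code from the thread or from Auth Connect; it assumes Android and a custom-scheme redirect URI, and the package names, scheme and redirect URI are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ANDROID = "{http://schemas.android.com/apk/res/android}"
REQUIRED = {"android.intent.action.VIEW", "android.intent.category.BROWSABLE"}

def claimed_uris(manifest_xml):
    """Return (package, [(scheme, host or None)]) for browsable VIEW intent filters."""
    root = ET.fromstring(manifest_xml)
    claims = []
    for flt in root.iter("intent-filter"):
        names = {e.get(ANDROID + "name") for e in flt if e.tag in ("action", "category")}
        if not REQUIRED <= names:
            continue  # this filter cannot be reached from a browser redirect
        data = flt.findall("data")
        schemes = {d.get(ANDROID + "scheme") for d in data} - {None}
        hosts = {d.get(ANDROID + "host") for d in data} - {None}
        # Android combines every scheme with every host in the same filter;
        # a filter with no host matches any host for that scheme.
        claims += [(s, h) for s in schemes for h in (hosts or {None})]
    return root.get("package"), claims

def handlers_for(redirect_uri, manifests):
    """Packages whose filters would receive redirect_uri (path rules are ignored here)."""
    uri = urlsplit(redirect_uri)
    hits = []
    for xml in manifests:
        package, claims = claimed_uris(xml)
        if any(s == uri.scheme and h in (None, uri.hostname) for s, h in claims):
            hits.append(package)
    return sorted(hits)

def manifest(package, data_attrs):
    # Constructed sample manifest, reduced to the one activity that matters.
    return f"""<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="{package}">
      <application><activity android:name=".Redirect"><intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data {data_attrs}/>
      </intent-filter></activity></application></manifest>"""

# Constructed data: placeholder package names, scheme and redirect URI.
MANIFESTS = [
    manifest("com.example.ourapp", 'android:scheme="exampleauth" android:host="com.example.ourapp"'),
    manifest("com.example.otherapp", 'android:scheme="exampleauth"'),
    manifest("com.example.unrelated", 'android:scheme="https" android:host="example.com"'),
]
REDIRECT = "exampleauth://com.example.ourapp/callback"
print(handlers_for(REDIRECT, MANIFESTS))
```

More than one package in the result means the redirect is ambiguous on that device: Android either shows the app chooser or hands the URI to a previously chosen default. A scheme that no other installed app declares returns a single handler.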