single sign on - B2C problem: An account could not be found for the provided user ID. returns for impersonation - Stack Overflow

A set of users has been created manually. I have 3 users that belong to Entra and sign in with SSO. Those 3 users and another user (created manually) belong to a certain group (Entra group). I have an impersonation policy that checks if the signed-in user belongs to this group; if it does, then the user is allowed to impersonate.

Sign-in is not a problem, and the same way of sign-in is in the impersonation policy.

Now the problem: if the 4th user (the one that doesn't use SSO) wants to impersonate a user that logs in with SSO, we get the mentioned error message: An account could not be found for the provided user ID. Also, when the user signs in using SSO but using the impersonation policy, we get the following error: AADB2C99002: This user does not exist and profile 'AAD-UserReadUsingEmailAddress' requires the user to have already been created.

What am I doing wrong? The SSO users have been created already in Graph, and they can sign in.

asked Nov 16, 2024 at 14:20 by IriaAM
  • Other 3 users are created from Azure Portal? – Rukmini Commented Nov 18, 2024 at 3:31
1 Answer

The problem is that the signup is not done correctly for the user when using SSO, so it is not properly done; therefore the user doesn't exist.
