https://community.esri.com/t5/arcgis-pro-questions/authentication-provider-error-with-azure-ad/m-p/1414239#M82280 <P>Hi <a href="https://community.esri.com/t5/user/viewprofilepage/user-id/3223">@danbecker</a>,&nbsp;</P><P>Can you please confirm that you configured the redirect uri as "arcgis-pro://auth"? It doesn't need to be https since&nbsp;"arcgis-pro://auth" is not a localhost redirect uri.</P><P>Jonah&nbsp;</P> Tue, 23 Apr 2024 16:40:20 GMT JonahLay 2024-04-23T16:40:20Z https://community.esri.com/t5/arcgis-pro-questions/authentication-provider-error-with-azure-ad/m-p/1413829#M82247 <P>Our Azure tenant is deployed in Azure Government.&nbsp;</P><P>Followed these steps:&nbsp;<A href="https://pro.arcgis.com/en/pro-app/latest/get-started/connect-to-authentication-providers-from-arcgis-pro.htm" target="_blank" rel="noopener">Connect to authentication providers from ArcGIS Pro—ArcGIS Pro | Documentation</A></P><P>When I attempt to sign into the connection in Pro, I get this error:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 375px;"><img src="https://community.esri.com/t5/image/serverpage/image-id/101766i549EE6F5EA4DF215/image-size/large?v=v2&amp;px=999" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></P><P>&nbsp;</P><P>I assigned demo_user permission to access the ArcGIS Pro Azure Enterprise app.</P><P>I also edited our conditional access policies to exclude demo_user from any policies requiring MFA.&nbsp;</P><P>Even with MFA, I complete the MS Authenticator prompt and still see this error in Pro.&nbsp;</P><P>The Azure enterprise app sign-in log shows successful login attempts with both MFA/not, no issues.&nbsp;</P><P>Anyone have any ideas?&nbsp;</P><P>&nbsp;</P><P>Here's my concern:&nbsp;<A href="https://learn.microsoft.com/en-us/entra/identity-platform/reply-url" target="_blank" rel="noopener">Redirect URI (reply URL) restrictions - Microsoft identity platform | Microsoft Learn</A></P><BLOCKQUOTE><P><SPAN>Redirect URIs must begin with the scheme&nbsp;</SPAN>https</P></BLOCKQUOTE><P>From the first link, step #1C when you register Pro as an Azure app:</P><OL class=""><LI><BLOCKQUOTE><SPAN>For&nbsp;<SPAN class="">Redirect URI</SPAN>, choose&nbsp;<SPAN class="">Mobile and desktop applications</SPAN>&nbsp;as the platform and enter the URI:&nbsp;<SPAN class="">arcgis-pro://auth</SPAN></SPAN></BLOCKQUOTE></LI></OL><P><SPAN><SPAN class="">Could this error be caused by the authorization server (Microsoft) not allowing demo_user to be redirected back to Pro because the arcgis-pro:// schema doesn't match the required https:// schema that MS requires?&nbsp;&nbsp;</SPAN></SPAN></P><P>&nbsp;</P> Tue, 23 Apr 2024 00:00:52 GMT https://community.esri.com/t5/arcgis-pro-questions/authentication-provider-error-with-azure-ad/m-p/1413829#M82247 danbecker 2024-04-23T00:00:52Z https://community.esri.com/t5/arcgis-pro-questions/authentication-provider-error-with-azure-ad/m-p/1414239#M82280 <P>Hi <a href="https://community.esri.com/t5/user/viewprofilepage/user-id/3223">@danbecker</a>,&nbsp;</P><P>Can you please confirm that you configured the redirect uri as "arcgis-pro://auth"? It doesn't need to be https since&nbsp;"arcgis-pro://auth" is not a localhost redirect uri.</P><P>Jonah&nbsp;</P> Tue, 23 Apr 2024 16:40:20 GMT https://community.esri.com/t5/arcgis-pro-questions/authentication-provider-error-with-azure-ad/m-p/1414239#M82280 JonahLay 2024-04-23T16:40:20Z https://community.esri.com/t5/arcgis-pro-questions/authentication-provider-error-with-azure-ad/m-p/1414252#M82281 <P><a href="https://community.esri.com/t5/user/viewprofilepage/user-id/190407">@JonahLay</a>&nbsp;</P><P>Yes, that redirect URI is what I have.&nbsp;</P><P>We can close this thread, the problem was a CA policy in InTune scoped to demo_user requiring "All users terms of use". This is odd because demo_user has already accepted our all users Terms of Use policy. So, it seems like the ESRI auth. connection doesnt' support that CA grant control.&nbsp;</P><P>After excluding demo_user from that CA policy, everything works as expected both with/without MFA.&nbsp;</P><P>This is great progress ESRI, thanks!&nbsp;</P> Tue, 23 Apr 2024 16:46:17 GMT https://community.esri.com/t5/arcgis-pro-questions/authentication-provider-error-with-azure-ad/m-p/1414252#M82281 danbecker 2024-04-23T16:46:17Z