Passwordless options failing from SAML

[mhegreberg]

We're testing FIDO2 cards for SSO auth at our org. they work great for getting into a number of things, but Azure AD(Entra ID) reports this error when I sign into Snipe-IT with a Fido Key:

AADSTS75011: Authentication method 'MultiFactor, Fido, X509Device' by which the user authenticated with the service doesn't match requested authentication method 'Password, ProtectedTransport'. Contact the Snipe-IT application owner.

As far as I can tell, this isn't a configuration issue on the IdP side, and I don't see an "allowed methods" rule within the SSO settings in Snipe IT.

Am I missing something, or is this expected behavior?

I'm running the Snipe-IT docker container within an on-prem k8s cluster, if that makes a difference.

[uberbrady]

There's an extra option you can set that helps with that, which might handle this for you - does this help? https://snipe-it.readme.io/docs/saml#additional-azure-ad-troubleshooting

Snipe-IT Documentation

SAML

Configuration guidelines for SAML Single-Sign On (SSO) support

[mhegreberg]

This Worked! I read the docs a few times but somehow missed this. Thanks!