User testinguser failed an allow map and was denied access via authenticator Entra ID in Red Hat Ansible Automation Platform 2.6

Solution Verified - Updated -

Environment

  • Red Hat Ansible Automation Platform (Ansible Automation Platform) 2.6
  • Microsoft EntraID

Issue

  • Users get the following error message when logging via Entra ID - "Unable to complete social auth login".

Resolution

  • Verify if the allow map naming is correct.
  • Check the permissions for the specific EntraID user.

Root Cause

  • Allow maps configured in EntraID authenticator are not valid.
  • Permissions for the specific user has not been assigned in EntraID.

Diagnostic Steps

  • Go to the must gather file and check the gateway api container logs.

    - omc logs aap-platform-gateway-86f675dd84-s4bds api

  • Search for this specific WARNING message:

    2026-05-21T08:45:18.750651375Z 2026-05-21 08:45:18,750 WARNING  d4f4c4fb-d740-442e-9ce3-4cab536fc68f   aap.auth_audit [10.10.10.23] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)  Chrome/148.0.0.0 Safari/537.36" User testinguser failed an allow map and was denied access via authenticator Entra ID

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments