How to Configure OpenShift master authentication with Azure Active Directory
Issue
- How to authenticate OpenShift with Azure Active Directory?
- Which endpoint can be used, the Azure OpenID v1 or v2 endpoint?
- Can't log in to OpenShift after integrating it with Azure Active Directory; the errors below appear after the Active Directory login succeeds.
There are several error messages, depending on which value is wrong. Here are some examples:
- AADSTS50020: User account 'XXX@example.com' does not exist in tenant 'YYY' and cannot access the application 'ZZZZ' in that tenant.
- AADSTS90002: No service namespace named 'ZZZZ' was found in the data store.
- AADSTS70001: Application with identifier 'ZZZZ' was not found in the directory DDDD
- An authentication error occurred (message in OpenShift Console page)
- 403 error (JSON-formatted text message)
- AADSTS90093: An administrator of 'YYY' has set a policy that prevents you from granting 'AAA' the permissions it is requesting.
Environment
- OpenShift Container Platform 3.x
- Microsoft Azure Active Directory OpenID Connect
- Microsoft Active Directory Federation Service OpenID Connect
We don't test ADFS, but it should work as long as ADFS OpenID Connect behaves as an OpenID provider.