Apologies for the late reply and thank you again for your earlier guidance. I’ve been working based on your suggestion to configure everything through Microsoft Entra External ID instead of B2C.
I wanted to confirm the flow I implemented and understand where I might be going wrong, because the goal is to get an IDP-initiated SAML flow working.
Current Setup:
- App Registration in Azure Entra External ID (used only for Power Pages connection).
- Configured SAML/WS-Fed Identity Provider under Entra External ID
- Configured Power Pages authentication to use Entra External ID
- Shared the Entity ID and ACS URL with the customer
- Customer uses Google Workspace SAML and has mapped standard claims such as
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
What Happens During IDP-Initiated Sign-In:
When the customer launches the login from their Google Workspace SAML app, they are redirected to the Microsoft login page and receive this error:
AADSTS901004: Expected parameter estsrequest not found.
Request Id: 1a3bec72-0f9a-4707-b0f5-987d84460100
Timestamp: 2025-11-24T16:11:13Z
I have attached a photo of the error below for better understanding.
What I Need Your Guidance On
Since we want the IDP-initiated flow to work, I’m trying to understand:
- Are we missing a required parameter (e.g. estsrequest) that Entra External ID expects for IDP-initiated authentication?
- Or is our Entra External ID configuration incomplete for supporting IDP-initiated flow even though SP-initiated is working?
- Is there any additional linkage needed between the App Registration and the SAML IdP?
- Are there known limitations with External ID (we are currently on the free trial) that might block IDP-initiated SAML?
Any insight into where our flow might be misconfigured would really help; I want to make sure I am not overlooking a required step for IDP-initiated SAML.
Thanks again for your time and support!
Thanks,
Malav
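A diagnostic that is useful while working through a question like the one above, added here as an example and not part of Malav's post or of any Microsoft or Google code: it decodes the SAMLResponse that the customer's IdP posts, reports whether the message is IdP-initiated (in SAML 2.0 an IdP-initiated Response carries no InResponseTo, which is how a service provider tells the two flows apart), and checks Destination, Recipient and Audience against the ACS URL and Entity ID that were handed to the customer. The ACS URL, Entity ID, issuer and the embedded response are constructed placeholders, not real tenant values, and signature verification and encrypted assertions are deliberately out of scope. It does not explain the AADSTS901004 error; it only shows what the posted message actually contains so the two sides can compare it with what was configured.

```python
"""Inspect a posted SAMLResponse: IdP- vs SP-initiated, and ACS URL / Entity ID checks.

Example code added for illustration; all URLs and the sample response are constructed.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed placeholders standing in for the values shared with the customer.
EXPECTED_ENTITY_ID = "https://example.ciamlogin.com/example-tenant/"
EXPECTED_ACS_URL = "https://example.ciamlogin.com/example-tenant/saml2"

# Constructed, unsigned Response shaped like an IdP-initiated sign-in:
# no InResponseTo on the Response or on SubjectConfirmationData.
SAMPLE_RESPONSE_XML = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2025-11-24T16:11:13Z"
    Destination="{EXPECTED_ACS_URL}">
  <saml:Issuer>https://accounts.google.com/o/saml2?idpid=EXAMPLE</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2025-11-24T16:11:13Z">
    <saml:Issuer>https://accounts.google.com/o/saml2?idpid=EXAMPLE</saml:Issuer>
    <saml:Subject>
      <saml:NameID>user@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{EXPECTED_ACS_URL}" NotOnOrAfter="2025-11-24T16:16:13Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{EXPECTED_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{EMAIL_CLAIM}"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def inspect_saml_response(saml_response_b64, expected_entity_id, expected_acs_url):
    """Decode the SAMLResponse form field and return a dict of findings (no signature check)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError(f"not a samlp:Response: {root.tag}")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext saml:Assertion (encrypted assertions not handled here)")

    in_response_to = root.get("InResponseTo")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    audiences = [a.text for a in assertion.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    email = assertion.find(f"saml:AttributeStatement/saml:Attribute[@Name='{EMAIL_CLAIM}']/saml:AttributeValue", NS)

    findings = {
        # Absent InResponseTo is the standard marker of an IdP-initiated (unsolicited) Response.
        "idp_initiated": in_response_to is None,
        "in_response_to": in_response_to,
        "issuer": (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip(),
        "destination_matches_acs": root.get("Destination") == expected_acs_url,
        "recipient_matches_acs": scd is not None and scd.get("Recipient") == expected_acs_url,
        "audience_matches_entity_id": expected_entity_id in audiences,
        "audiences": audiences,
        "email_claim": email.text if email is not None else None,
    }
    checks = ("destination_matches_acs", "recipient_matches_acs", "audience_matches_entity_id")
    findings["problems"] = [c for c in checks if not findings[c]]
    return findings


def sample_response_b64():
    """The constructed IdP-initiated Response, encoded as it would arrive in the SAMLResponse field."""
    return base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def sp_initiated_variant_b64(request_id):
    """Same constructed Response with InResponseTo set, as an SP-initiated flow would produce."""
    xml = SAMPLE_RESPONSE_XML.replace('ID="_resp1"', f'ID="_resp1" InResponseTo="{request_id}"')
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    for key, value in inspect_saml_response(sample_response_b64(), EXPECTED_ENTITY_ID, EXPECTED_ACS_URL).items():
        print(f"{key}: {value}")
```

To use it on a real capture, paste the SAMLResponse form value from the browser's network trace into `inspect_saml_response` together with the Entity ID and ACS URL you shared with the customer; any entry in `problems` is a mismatch between what the IdP is sending and what the service-provider side was told to expect.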