Microsoft Azure AD with MFA + Vault OIDC

u_dawgy · July 27, 2023, 12:51pm

Hi there,

We are trying to integrate our Hashicorp Vault which is on prem with Azure Authentication using groups. All looks ok but when we try and log in we get , "
Error

Vault login failed. Error exchanging oidc code: “Provider.Exchange: id_token failed verification: Provider.VerifyIDToken: invalid id_token: failed to verify signature: failed to verify id token signature: invalid signature”." . After logging in with our azure account. Our Azure accounts have MFA enabled . is this supported? Any help or pointers will be greatly appreciated.

jeffsanicola · July 31, 2023, 6:11pm

It should work as that’s what my company uses.

I’m not sure of any special settings on the Azure AD side outside of what’s defined in the docs:

cc1 · February 8, 2024, 8:45am

@u_dawgy did you manage to fix this?
I recently set up my vault environment and got the same error…

Topic		Replies	Views
Integration of Azure AD with Hashicorp Vault Vault azure	1	900	July 12, 2021
OIDC configuration with Azure AD (Entra) Vault vault	3	887	February 26, 2024
Vault - OIDC Azure AD Integration \| Restrict secret access based on Azure AD Groups Vault vault	2	398	September 12, 2022
Azure AD interactive login via UI Vault	3	1777	July 9, 2020
HashiCorp Vault Authentication using Azure Active Directory & Terraform Vault	0	343	March 27, 2022

Microsoft Azure AD with MFA + Vault OIDC

Related topics