Single sign-on to ArcGIS Enterprise fails with an Azure Active Directory SAML identity

Description

When trying to log in (single sign-on) to ArcGIS Enterprise with an Azure Active Directory SAML identity, the following error is returned:

Error:
Sorry, but we’re having trouble signing you in.

AADSTS700016: Application with identifier '<host.company.com.portal>' was not found in the directory '<Company>'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

Cause

The problem is due to a mismatch between the Identifier (Entity ID) specified in the Basic SAML Configuration of the enterprise application in Microsoft Entra ID and the Entity ID configured in the SAML/Enterprise login settings of the ArcGIS Enterprise portal.

Solution or Workaround

To resolve the error, ensure the Entity ID in ArcGIS Enterprise matches the Identifier (Entity ID) configured in Microsoft Entra ID (Azure AD).

1. Access the SAML/Enterprise login configuration in ArcGIS Enterprise.
   1. Log in to the ArcGIS Enterprise portal as an administrator.
   2. Navigate to Organization > Settings > Security > Logins.
   3. Click Configure login.
   4. Click Show advanced settings.
   5. Find the Entity ID configuration item and copy it to the clipboard or another location.
2. Configure the Basic SAML Configuration in Microsoft Entra ID (Azure AD).
   1. Log in to the Microsoft Azure portal.
   2. Navigate to Home > Azure Active Directory > Enterprise applications > <applicationName>.
   3. Navigate to Manage > Single sign-on.
   4. Click the Edit link in the Basic SAML Configuration section.
   5. Paste the Entity ID value from the ArcGIS Enterprise portal in to the Identifier (Entity ID) field.
   6. Save the configuration.