FortiSASE
sbabu
Staff
Article Id 374835
Description

 

This article describes how to fix the error AADSTS50011, which occurs while connecting to a FortiSASE VPN that is configured with SAML SSO.

 

Scope

 

FortiClient, FortiSASE, Azure.

 

Solution

 

This error occurs when the redirect URI used by FortiSASE and the redirect URI configured in the Microsoft Entra app registration do not match.

 

Copy the redirect URI shown in the error, for example: ms-appx-web://Microsoft.AAD.BrokerPlugin/65033a96-187a-46e9-a64c-43401652d525

 


 

To fix this issue, navigate to the App registration for the FortiSASE application in Azure and select Authentication.

 


 

Select Add a platform and select 'Mobile and desktop applications', then paste the 'ms-appx-web' URI, which was received in the error while connecting to the VPN, under the custom redirect URL.

 

Note: Paste the complete 'ms-appx-web' URI in the custom redirect URL field. For example: ms-appx-web://Microsoft.AAD.BrokerPlugin/65033a96-187a-46e9-a64c-43401652d525


After configuring the custom redirect URL, save the changes in the Azure portal and try reconnecting to the FortiSASE VPN.
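
The mismatch check described above, as an added example that is not part of the original article: it extracts the redirect URI from the AADSTS50011 text and compares it with the redirect URIs in the app registration. The error wording, application ID, web URI and JSON (shaped like 'az ad app show --id <app-id>' output) are constructed samples, and the function names are hypothetical.

```python
import json
import re

# Constructed sample of the AADSTS50011 text; the application ID is a placeholder.
SAMPLE_ERROR = (
    "AADSTS50011: The redirect URI "
    "'ms-appx-web://Microsoft.AAD.BrokerPlugin/65033a96-187a-46e9-a64c-43401652d525' "
    "specified in the request does not match the redirect URIs configured for "
    "the application '00000000-0000-0000-0000-000000000000'."
)

# Constructed sample shaped like `az ad app show --id <app-id>` output.
SAMPLE_APP = json.loads("""
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "web": {"redirectUris": ["https://example.invalid/saml/login"]},
  "spa": {"redirectUris": []},
  "publicClient": {"redirectUris": []}
}
""")

ERROR_RE = re.compile(
    r"AADSTS50011:.*?redirect URI '([^']+)'.*?application '([^']+)'", re.S
)

def parse_error(text):
    """Return (redirect_uri, app_id) from an AADSTS50011 message, or None."""
    m = ERROR_RE.search(text)
    return (m.group(1), m.group(2)) if m else None

def diagnose(error_text, app):
    """Compare the URI from the error with each platform's registered URIs."""
    parsed = parse_error(error_text)
    if parsed is None:
        raise ValueError("not an AADSTS50011 message")
    uri, app_id = parsed
    if app_id != app.get("appId"):
        raise ValueError("error refers to a different app registration")
    # Assumption of this example: strings are compared exactly, no normalisation.
    found = [p for p in ("web", "spa", "publicClient")
             if uri in (app.get(p) or {}).get("redirectUris", [])]
    # publicClient is the 'Mobile and desktop applications' platform in the
    # portal, which is where the article says to add the ms-appx-web URI.
    return {"uri": uri, "registered_under": found,
            "needs_public_client_entry": "publicClient" not in found}

if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR, SAMPLE_APP))
```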
