Troubleshooting the EDS

Troubleshooting the EDS

Sync Issues

1.1 Incorrect Configuration (Web)

On My1Login web, the Entra Directory screen must be filled out with the following details:
  • Tenant ID (needed to identify which Azure Tenant to sync from)
  • Filter (needed to identify which Administrative Unit or Group to filter from).
    Ensure Filter values are correct.
    Multiple filter strings should be separated by parentheses. Possible Filter values include:

    • (AU=<Admin_Unit_Name_1>)

      • gets users and groups within an Admin Unit

    • (Group=<Group_Name_1>)

      • gets users and groups within a group

    • (AU=<Admin_Unit_Name_1>,Group=<Child_Group_Name>)

      • gets users from a child group (within an Admin Unit)

    • (Group=<Parent_Group_Name>, Group=<Child_Group_Name>)

      • gets users from a child group (within a parent group)

    • (AU=<Admin_Unit_Name_1>,Group=<Parent_Group_Name>, Group=<Child_Group_Name>)

      • gets users from a child group (within a parent group which is within an Admin Unit)

    • (AU=<Admin_Unit_Name_1>,Group=<Group_1>)(AU=<Admin_Unit_Name_1>,Group=<Group_2>)

      • gets users from Group_1 and Group_2 (within the same Admin Unit)

    • (AU=<Admin_Unit_Name_1>,Group=<Group_1>)(AU=<Admin_Unit_Name_2>,Group=<Group_3>)

      • gets users from Group_1 and Group_3 (within different Admin Units)

  • Active - this checkbox should be checked to enable sync.


The OIDC button must also be configured with the IDP URL, Issuer, Client ID and Client Secret:

More information on Web config can be found in the setup documentation: Entra Directory Sync (EDS)

1.2 Incorrect Configuration (EDS)

  • After logging in to the EDS, most configuration values will populate automatically from the web.

    • Client ID and Secret must be entered manually

    • Client ID/Secret values can be tested by saving, running the EDS, and clicking the Test Settings button on the Entra Directory screen. If the EDS can communicate with the Azure Tenant, the user will see a success notification, or an error notification otherwise.

  • EDS will fail to start if there are any configuration issues.

1.3 Incorrect Configuration (Azure)

  • If the EDS logs reports any Microsoft OData errors, then this indicates that the EDS application within Azure does not have sufficient rights to fetch user/group/AU data. Ensure that the Azure application has the correct permissions - information on how to add permissions can be found here: Create EDS Application in Azure - Step 6

1.4 User has no email address set

If only a few select users are not syncing, then check their properties on Azure to ensure they have email addresses associated with the user. The email address is used as their username on My1Login, and so is required.

Most users will automatically have their Entra ID email address associated with their user, however in some cases it seems to be bypassed (e.g. tenant owners seem to be missing email addresses and have to be manually added)


Email field must contain a value for users to be able to sync

Login Issues

Users are presented with this screen when login issues occur

2.1 Incorrect Configuration (Azure)

After logging in with Microsoft, if the following screen appears, there is an issue with the redirect URL. Check that the redirect URL set up in the EDS app in the Azure Portal is correct. Details on EDS app configuration can be found here: Create EDS Application in Azure - Step 4

Error screen from Microsoft stating that the redirect URL has been wrongly configured in Azure

Expired Client Secret

  • Client secrets expire - depending on lifespan on creation

  • Expired client secret will impact sync and seamless SSO

  • Check client secret: Azure | Microsoft Entra ID | App Registrations | All Applications | My1Login | Clients and Secrets 

  • If expired, + new secret

  • Update on My1Login Security OIDC config page and also on EDS Admin UI under Server Settings

    • Related Articles

    • Troubleshooting: The Active Directory Connector (ADC)

      If you are experiencing unexpected behaviour with your ADC, here are some quick checks you can perform: Check that the ADC is switched on and running Have you restarted the ADC? Is there an active internet connection on the server that is hosting the ...
    • Entra Directory Sync (EDS)

      The Entra Directory Sync (EDS) is the application which syncs users in an Entra ID Directory with My1Login. Prerequisite: This guide assumes you have already registered the EDS application in Azure. If you haven’t please follow the guide below first: ...
    • Troubleshooting: A user is unable to login to My1Login

      If a user is unable to login to My1Login, below are a simple set of checks to troubleshoot. Valid User: Check the user is registered with an account associated with your company. This could be either an email account or an Active Directory account. ...
    • Create EDS Application in Azure

      Sign into the appropriate Azure tenant. Access Microsoft Entra ID: Click “App registrations” in the sidebar, then click “New registration”: Enter a name for the application, i.e. EDS Under “Supported account types”, select “Accounts in this ...
    • Finding EDS Configuration Values in Azure

      To configure the EDS, you need 3 values: The Tenant ID of the Entra Directory The Client ID of the application The Client Secret of the application Finding the Values Open Azure Select correct directory Navigate to Microsoft Entra ID page Click App ...