## Login issues

This section addresses common errors users encounter during login:

- [How to fix "Redirect uri wasn't found"?](#how-to-fix-redirect-uri-wasnt-found)
- [Why do I get "Sorry, this page can't be found!" OR "Sorry, you have been blocked" when navigating to the login box?](#why-do-i-get-sorry-this-page-cant-be-found-or-sorry-you-have-been-blocked-when-navigating-to-the-login-box)
- [Why do I get "You can't log in. Contact an admin for help"?](#why-do-i-get-you-cant-log-in-contact-an-admin-for-help)
- [Why do I get "Couldn't sign you in" error when using Microsoft Login?](#why-do-i-get-couldnt-sign-you-in-error-when-using-microsoft-login)
- [Why does my Azure AD OIDC throw "Can't sign you in"?](#why-does-my-azure-ad-oidc-throw-cant-sign-you-in)

### How to fix "Redirect uri wasn't found"?

If you encounter the following error while trying to log in:

`"errors":["Redirect uri wasn't found"]`

Follow these steps to resolve it:

1. Open the **Network** tab in your browser's developer tools.
2. Refresh the page to reproduce the error and display it in the **Network** tab.
3. Locate the request marked in red, click on it, and navigate to the **Payload** tab.
4. Copy the value of the `redirect_uri` field.

![login-issues-1](/assets/login-issues-1.ff0a73f8754096dcf2ac1037c514bcfe78b8a55903eb40ec4437d3703013c8be.ca890cf4.png)

1. Open the **Frontegg portal**.
2. Navigate to: [ENVIRONMENT] ➜ Configurations ➜ Authentication ➜ Login method ➜ Hosted login, and add the URL to the list. Save your changes to apply them.

Once updated, try logging in again.

### Why do I get "Sorry, this page can't be found!" OR "Sorry, you have been blocked" when navigating to the login box?

If you encounter the errors *"Sorry, this page can't be found!"* or *"Sorry, you have been blocked"* while navigating to the login box, it may be because the root path (`/`) of your domain is blocked when using **Hosted Login** in Frontegg.

![login-issues-2](/assets/login-issues-2.dbb0b15c59e584c79fee80402b98f4809fabad965373dfbabfcc28dda36cdbc2.ca890cf4.png)

![login-issues-3](/assets/login-issues-3.e078b11151e7455bf351b7a6da9c04b71b3ef7b4ac830d398fb6a4579b29519c.ca890cf4.png)

#### Resolution

To avoid these errors, ensure your users are directed to the login endpoint (`/oauth/account/login`) instead of the root path (`/`). Updating your application to route users correctly will resolve these issues.

### Why do I get "You can't log in. Contact an admin for help"?

If you see the error message *"You can't log in. Contact an admin for help."* in the login box, it indicates that your access is being blocked by an active security rule.

#### Troubleshooting steps

1. **Check active security rules**

   Navigate to the security rules configured for your environment to identify which rule might be blocking the user:

   On the **Frontegg portal**, go to [ENVIRONMENT] ➜ Configurations ➜ Security ➜ Security rules.

2. **Review security logs**

   Use the security logs to pinpoint the exact rule triggered and the user affected:

   On the **Frontegg portal**, go to [ENVIRONMENT] ➜ Analytics ➜ Monitoring.

### Why do I get "Couldn't sign you in" error when using Microsoft Login?

If you encounter the error *"Couldn't sign you in: Cannot resolve user profile, please check the identity provider configuration"* while using Microsoft Login, it may be caused by the way Azure Active Directory (Azure AD) handles enterprise users.

This error typically occurs when **enterprise Azure users** are used from Azure AD, and an email is not associated with these users by default.

#### Resolution

To resolve this, follow these steps to configure Azure AD to send the email with the user's JWT:

1. Open the **Azure portal**.
2. Navigate to **Azure Active Directory** ➜ **App registrations** ➜ [YOUR_APP_NAME] ➜ **Token configuration**.
3. Click **Add optional claim** ➜ **ID**.
4. Check the box for **Turn on Microsoft Graph profile permission**.
5. Also, check the box for **UPN (User Principal Name)**.

![login-issues-4](/assets/login-issues-4.67f37a811737734de470193d57a9145e07afee2964a552b566df034a0205123f.ca890cf4.png)

After saving the changes, try logging in again. Frontegg should now be able to extract the email from the newly added **UPN** field sent with the user’s JWT.

### Why does my Azure AD OIDC throw "Can't sign you in"?

If you're encountering the "Can't sign you in" error with an **Azure AD OIDC** connection, there are a couple of common issues to check:

#### 1. Secret key configuration

When setting up an **SSO connection via OpenID Connect** in the self-service portal, ensure that you are using the **Value** of the **Secret Key**, not the **Secret ID**. This is a common mistake when integrating Azure AD as your identity provider (IDP).

![login-issues-5](/assets/login-issues-5.99ecdd6d0c4b1d8a1ecca404638bcd431f90a29edda3a92b923d5d3a4c2a9704.ca890cf4.png)

#### 2. User email configuration

Make sure that the user's **email** is correctly populated under their **user properties** in Azure AD. An empty or missing email field can cause the authentication to fail.

![login-issues-6](/assets/login-issues-6.a3d4b7831d9a48308c763bfbff52082032f15f68fa5d51e117a5243a485f5f13.ca890cf4.png)

After verifying these details, try signing in again. This should resolve the "Can't sign you in" issue with Azure AD OIDC.
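
Both Azure AD sections above come down to whether the token sent for the user carries an address. The following Node.js script is an added example, not Frontegg's code: it decodes an ID token captured during troubleshooting and reports whether `email` or `upn` is present. The claim order, the function names and the sample tokens are assumptions constructed for illustration.

```javascript
// Troubleshooting aid only: this decodes the payload WITHOUT verifying the
// signature, so its output must never feed an authentication decision.
function b64urlToString(seg) {
  return Buffer.from(seg.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8");
}

function decodeJwtPayload(token) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWT: expected header.payload.signature");
  }
  return JSON.parse(b64urlToString(parts[1]));
}

// The page names the email and the UPN field. That a service provider reads
// them in this order is an assumption of this example.
const IDENTIFIER_CLAIMS = ["email", "upn"];

function diagnoseIdToken(token) {
  const claims = decodeJwtPayload(token);
  const found = {};
  for (const name of IDENTIFIER_CLAIMS) {
    const v = claims[name];
    if (typeof v === "string" && v.trim() !== "") found[name] = v.trim();
  }
  const source = IDENTIFIER_CLAIMS.find((n) => n in found) || null;
  let advice;
  if (!source) advice = "no email or upn claim: add the UPN optional claim and populate the user's email";
  else if (source === "upn") advice = "email claim missing: the address can only come from upn";
  else advice = "email claim present";
  return { source, value: source ? found[source] : null, advice };
}

// Constructed, unsigned sample tokens; every value is invented for this example.
function sampleToken(payload) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj), "utf8").toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "none", typ: "JWT" }), enc(payload), "constructed"].join(".");
}

const BEFORE_FIX = sampleToken({ sub: "constructed-subject", name: "Sample User" });
const AFTER_FIX = sampleToken({ sub: "constructed-subject", name: "Sample User", upn: "sample.user@example.com" });

console.log(diagnoseIdToken(BEFORE_FIX)); // token without email or upn
console.log(diagnoseIdToken(AFTER_FIX));  // token after adding the UPN optional claim
```

ID tokens contain personal data, so decode them locally like this instead of pasting them into an online decoder.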
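
For the "Redirect uri wasn't found" procedure earlier on this page, this added Node.js example (not Frontegg's code) compares the copied `redirect_uri` with the entries in the Hosted login list and names the part that differs. Exact string matching, the function names and the sample URLs are assumptions; the page does not state the matching rule.

```javascript
// URL components that must agree for two redirect URIs to be identical.
const PARTS = ["protocol", "hostname", "port", "pathname", "search"];

// List the components in which the sent URI differs from one registered entry.
function diffRedirectUri(sent, registered) {
  const a = new URL(sent);
  const b = new URL(registered);
  const diffs = PARTS.filter((p) => a[p] !== b[p]).map((p) => ({
    part: p, sent: a[p], registered: b[p],
  }));
  // URL parsing normalises a bare origin to "/", so two different strings can
  // parse to the same components. Report that case explicitly.
  if (diffs.length === 0 && sent !== registered) {
    diffs.push({ part: "raw", sent, registered });
  }
  return diffs;
}

// Exact match first (assumed rule); otherwise return the closest entry.
function checkRedirectUri(sent, allowList) {
  if (allowList.includes(sent)) return { allowed: true, closest: sent, diffs: [] };
  let best = null;
  for (const entry of allowList) {
    const diffs = diffRedirectUri(sent, entry);
    if (best === null || diffs.length < best.diffs.length) {
      best = { closest: entry, diffs };
    }
  }
  return { allowed: false, closest: best ? best.closest : null, diffs: best ? best.diffs : [] };
}

// Constructed sample data: a hypothetical Hosted login list and two values
// as they might be copied from the Payload tab.
const ALLOW_LIST = [
  "https://app.example.com/oauth/callback",
  "http://localhost:3000/oauth/callback",
];
const WRONG_PORT = "http://localhost:3001/oauth/callback";
const TRAILING_SLASH = "https://app.example.com/oauth/callback/";

for (const sent of [ALLOW_LIST[0], WRONG_PORT, TRAILING_SLASH]) {
  console.log(sent, JSON.stringify(checkRedirectUri(sent, ALLOW_LIST)));
}
```

When the difference is a typo in the application's configuration, correct it there; add the copied value to the list only after confirming it is a URL your application really serves.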