Login issues
This section addresses common errors users encounter during login:
- How to fix "Redirect uri wasn't found"?
- Why do I get "Sorry, this page can't be found!" OR "Sorry, you have been blocked" when navigating to the login box?
- Why do I get "You can't log in. Contact an admin for help"?
- Why do I get "Couldn't sign you in" error when using Microsoft Login?
- Why does my Azure AD OIDC throw "Can't sign you in"?
How to fix "Redirect uri wasn't found"?
If you encounter the following error while trying to log in:
"errors":["Redirect uri wasn't found"]
Follow these steps to resolve it:
- Open the Network tab in your browser's developer tools.
- Refresh the page to reproduce the error and display it in the Network tab.
- Locate the request marked in red, click on it, and navigate to the Payload tab.
- Copy the value of the redirect_uri field.
- Open the Frontegg portal.
- Navigate to: [ENVIRONMENT] ➜ Configurations ➜ Authentication ➜ Login method ➜ Hosted login, and add the URL to the list. Save your changes to apply them.
Once updated, try logging in again.
Why do I get "Sorry, this page can't be found!" OR "Sorry, you have been blocked" when navigating to the login box?
If you encounter the errors "Sorry, this page can't be found!" or "Sorry, you have been blocked" while navigating to the login box, it may be because the root path (/) of your domain is blocked when using Hosted Login in Frontegg.
Resolution
To avoid these errors, ensure your users are directed to the login endpoint (/oauth/account/login) instead of the root path (/). Updating your application to route users correctly will resolve these issues.
Why do I get "You can't log in. Contact an admin for help"?
If you see the error message "You can't log in. Contact an admin for help." in the login box, it indicates that your access is being blocked by an active security rule.
Troubleshooting steps
Check active security rules
Navigate to the security rules configured for your environment to identify which rule might be blocking the user:
On the Frontegg portal, go to [ENVIRONMENT] ➜ Configurations ➜ Security ➜ Security rules.
Review security logs
Use the security logs to pinpoint the exact rule triggered and the user affected:
On the Frontegg portal, go to [ENVIRONMENT] ➜ Analytics ➜ Monitoring.
Why do I get "Couldn't sign you in" error when using Microsoft Login?
If you encounter the error "Couldn't sign you in: Cannot resolve user profile, please check the identity provider configuration" while using Microsoft Login, it may be caused by the way Azure Active Directory (Azure AD) handles enterprise users.
This error typically occurs when enterprise users from Azure AD are used, because an email is not associated with these users by default.
Resolution
To resolve this, follow these steps to configure Azure AD to send the email with the user's JWT:
- Open the Azure portal.
- Navigate to Azure Active Directory ➜ App registrations ➜ [YOUR_APP_NAME] ➜ Token configuration.
- Click Add optional claim ➜ ID.
- Check the box for Turn on Microsoft Graph profile permission.
- Also, check the box for UPN (User Principal Name).
After saving the changes, try logging in again. Frontegg should now be able to extract the email from the newly added UPN field sent with the user’s JWT.
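To confirm the change took effect, you can inspect the ID token that Azure AD issues. The following is an added example, not Frontegg's or Microsoft's code: it decodes a token's payload and reports whether an email or upn claim is present. The sample tokens are constructed, the helper names are hypothetical, and the signature is not verified, so use it for diagnosis only and never to accept a token.

```python
import base64
import json

# Claim names that can carry the user's address. Treating either one as
# sufficient is an assumption of this example.
EMAIL_CLAIMS = ("email", "upn")


def decode_payload(id_token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected header.payload.signature")
    segment = parts[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    try:
        payload = json.loads(base64.urlsafe_b64decode(segment))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload


def email_claims(id_token: str) -> dict:
    """Return the non-empty email-bearing claims found in the token."""
    payload = decode_payload(id_token)
    found = {}
    for name in EMAIL_CLAIMS:
        value = payload.get(name)
        if isinstance(value, str) and value.strip():
            found[name] = value
    return found


def make_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed samples: before and after adding the UPN optional claim.
BEFORE = make_token({"sub": "abc123", "name": "Sample User"})
AFTER = make_token({"sub": "abc123", "name": "Sample User", "upn": "user@example.com"})

if __name__ == "__main__":
    for label, token in (("before", BEFORE), ("after", AFTER)):
        print(label, "->", email_claims(token) or "no email or upn claim present")
```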
Why does my Azure AD OIDC throw "Can't sign you in"?
If you're encountering the "Can't sign you in" error with an Azure AD OIDC connection, there are a couple of common issues to check:
1. Secret key configuration
When setting up an SSO connection via OpenID Connect in the self-service portal, ensure that you are using the Value of the Secret Key, not the Secret ID. This is a common mistake when integrating Azure AD as your identity provider (IDP).
2. User email configuration
Make sure that the user's email is correctly populated under their user properties in Azure AD. An empty or missing email field can cause the authentication to fail.
After verifying these details, try signing in again. This should resolve the "Can't sign you in" issue with Azure AD OIDC.