This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 13%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Why am I receiving the federated identity error , when I'm using a client certificate/client_assertion key (jwt)?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 94%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
After some tinkering, I was able to resolve this. Essentially, you need to add a Federated credential to your App Registration. Navigate to Certificates & Secrets, then to the 'Federated credentials' tab and configure as follows:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 96%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYH%3C/text%3E%3C/svg%3E)
Hello Aundrea Vickers,
Thank you for reaching Microsoft Support!
According to the documentation, check that the federation credentials are configured on the App registration or Managed Identity.
If no configuration, please follow the documentation tutorial to configure.
Hope this helps.
If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.
Hi Yakun,
I'm not using a federation credential to authenticate to the AAD. I’m using a client certificate ( client_assertion & client_assertion_type = bearer token) .
described here: https://learn.microsoft.com/en-us/graph/auth/auth-concepts
I am running into the same exact error. For the same App Registration, I am able to access an API through it using client, secret. But not successful with the certificate method.
What i have done: