ISSUE
"AADSTS5007413: Authentication with external provider cannot be completed due to invalid provider discovery response".
CAUSE
From Februrary 2026 Microsoft made a change so that they would strictly only accept the Discovery URL and the JWKS URI in the following format:
https://yourdualshieldFQDN.com:8074/sso/.well-known/openid-configuration
https://yourdualshieldFQDN.com:8074/sso/.well-known/openid-configuration/jwks
If the integration was done before this time, you will see that the path included '/v1/authc/oauth/'. This is no longer valid and may cause the above issue when trying to sign in.
...
You will not be able to edit the Discovery URL field. ThereforeThe issue was fixed in DualShield version 8.0.7, therefore, you will need to upgrade to the latest version of DualShieldversion 8.0.7 or above.
Once the upgrade is complete and DualShield has fully started lopg into the Admin Console, go to SSO>SSO Servers and edit the Single Sign-On Server. Selec the Select the OpenID Connect tab at the top.
Click on the Load Default button at the top. You should see the values have automatically been updated. If not, click on the Load Default button at the top
...
Discovery URL and JWKS URI update
Click Save at the bottom.
Copy the new Discovery URL
On Azure, navigate to your EAM Policy and Click on Configure
Paste in the new Discovery URL as per the example below.
Save the change.
You may have to wait up to 20 minutes for Microsoft to refresh this configuration. Once done, please test again