KnowledgeBase: You receive error AADSTS50052 when you sign into Azure AD and Azure AD-integrated applications and services

Azure Active Directory is the identity platform for many of today's organizational applications and services. When you can't sign in, productivity suffers, whether you are an administrator or an end-user.

This blogpost provides the instructions to resolve error AADSTS50052, which you may receive when signing into Azure AD and Azure AD-integrated applications and services.

The situation

You are a security-focused professional, working for/with an organization that requires strong passwords.

Your organization allows you to sign into Azure AD and/or Azure AD-integrated applications and services using either a cloud-only account or an account that has its password synchronized from an on-premises environment.

The issue

When you try to sign in to Azure Active Directory and/or an Azure AD-integrated application and/or service, the sign-in fails.

Instead, login.microsoft.com provides an error message:

AADSTS50052 InvalidPasswordExceedsMaxLength

You can’t sign in.

The cause

The error occurs because you are trying to sign in with an account that has a password of over 256 characters.

This limit on passwords is in effect in Azure AD since March 13th, 2020, at 10AM PST (18:00 UTC).

The solution

To sign in successfully, the password needs to be changed.

Cloud-only account

For a cloud-only Azure account, you can reset the password for the account using the Azure AD self-service password reset (SSPR) functionality. Visit https://aka.ms/sspr to do so.

When the Azure AD self-service password reset (SSPR) functionality is not offered by the organization, an administrator needs to reset the password. If all accounts within the Azure AD tenant are configured with passwords over 256 characters, either:

  1. Sign in with the initial Azure AD administrator account, as this account is configured with the Azure AD self-service password reset (SSPR) functionality, by default.
  2. Sign in with an Azure AD administrator account that is equipped with a FIDO 2 security key.

Synchronized account

For a synchronized account, sign into the on-premises identity platform and reset the password yourself, or have the password reset in the on-premises identity platform, to a password of 256 characters or fewer. The new password is then synchronized to Azure AD.
