Google Identity Provider Authorization Issue at Microsoft Entra External Id

Thangamani Balasubramanian 5 Reputation points
2025-11-20T06:12:11.01+00:00

Hi Team,
We are using Microsoft Entra External ID for our application login. We have configured the built-in Google IdP, invite Google users into External ID, and allow sign-in with Google!

When a user initially signs in via the user flow with Google, everything works fine. After some hours (12 - 15 hours), when the user attempts to log in, they get an error (Access Blocked: Parameter not allowed for this message type: username).

We have been troubleshooting this problem and found a root cause: it happens because of an invalid OAuth request raised from Entra External ID -> Google.

Initial Request (Entra to google) 
login_hint : {user gmail}

After some hours (12 - 15 hours) (Entra to Google)
username: {external id user principal name}

Instead of the login_hint parameter, username gets passed, which is not allowed by Google! Can you please help me resolve this issue?


1 answer

  1. David Dierckens 0 Reputation points
    2025-12-04T14:02:45.4966667+00:00

    I experience the same issue. The initial connection between Entra and Google works as it should. After a period of time (in most cases the day after) I get this error.

    Retrying the request immediately after the failed attempt is successful. Until a day later, the same issue occurs!

    Research indicates that the first attempt (day after successful login) uses the refresh token flow, which fails due to the unallowed username parameter.

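One way to confirm the parameter swap described in this thread is to capture the Entra-to-Google redirect URL from a working and a failing sign-in (browser dev tools or a HAR export) and diff their query parameters. The script below is an added example, not code from either poster or from Microsoft; the two URLs, the `SENSITIVE` set and the function names are constructed for illustration, and values are redacted so the output can be attached to a support case.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameters whose values are identifiers or personal data (assumed list);
# their values are redacted before the diff is shared.
SENSITIVE = {"client_id", "state", "nonce", "login_hint", "username"}

def auth_params(url):
    """Return {name: [values]} for the query string of a captured redirect URL."""
    params = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        params.setdefault(name, []).append(value)
    return params

def redact(name, values):
    """Replace sensitive values with their length so shape is still visible."""
    if name in SENSITIVE:
        return ["<redacted, %d chars>" % len(v) for v in values]
    return values

def diff_auth_requests(working_url, failing_url):
    """Report parameters present in only one request, and names whose values differ."""
    a, b = auth_params(working_url), auth_params(failing_url)
    return {
        "only_in_working": {n: redact(n, a[n]) for n in sorted(a.keys() - b.keys())},
        "only_in_failing": {n: redact(n, b[n]) for n in sorted(b.keys() - a.keys())},
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }

# Constructed sample captures (placeholders, not real tenant or client values).
WORKING = ("https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE_CLIENT_ID"
           "&response_type=code&scope=openid%20email&state=aaaa1111"
           "&login_hint=user%40example.com")
FAILING = ("https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE_CLIENT_ID"
           "&response_type=code&scope=openid%20email&state=bbbb2222"
           "&username=placeholder-upn%40tenant.example")

if __name__ == "__main__":
    for section, detail in diff_auth_requests(WORKING, FAILING).items():
        print(section, detail)
```
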
