Azure AD Login Fails with Error "AADSTS900432: failed to obtain access token"
Logging in to an Azure Active Directory (Azure AD) connection fails. The tenant log for the failed login shows an Azure error message:
"error_description": "AADSTS900432: Confidential Client is not supported in Cross Cloud request."
The following is an example of the tenant log information.
{
  "type": "f",
  "description": "failed to obtain access token",
  "connection_id": "",
  "details": {
    "error": {
      "message": "failed to obtain access token",
      "oauthError": "invalid_request",
      "type": "request-error",
      "payload": "{\"error\":\"invalid_request\",\"error_description\":\"AADSTS900432: Confidential Client is not supported in Cross Cloud request.\"}"
    }
  }
}
- Azure AD
- Failed Login
This error occurs because the Client Secret configured for the Azure AD connection has expired, or because the wrong value was entered (for example, the Secret ID instead of the secret Value).
- Generate a new Client Secret in Azure AD.
- Copy the string shown in the Value field into the Auth0 connection's Client Secret field. Do not use the Secret ID.
- Review the Creating a client secret documentation for additional details.
NOTE: Once a secret is generated for the Azure AD connection, its Value is hidden and only the Secret ID remains visible, so copy the Value immediately after creating the secret.
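As an added example (not part of the original article or of Auth0's own tooling), the following Python does two checks that the steps above rely on: it pulls the AADSTS code out of a failed-login tenant log entry of the shape shown earlier, and it flags a configured Client Secret that is actually a Secret ID (a GUID) rather than the secret Value. The log entry is constructed, and the function names are my own.

```python
import json
import re
import uuid
from typing import Optional

# Constructed sample tenant log entry (not a real tenant record). The payload
# field is a JSON string nested inside the JSON entry, exactly as in the article.
SAMPLE_LOG_ENTRY = {
    "type": "f",
    "description": "failed to obtain access token",
    "connection_id": "",
    "details": {
        "error": {
            "message": "failed to obtain access token",
            "oauthError": "invalid_request",
            "type": "request-error",
            "payload": "{\"error\":\"invalid_request\",\"error_description\":\"AADSTS900432: Confidential Client is not supported in Cross Cloud request.\"}",
        }
    },
}

AADSTS_CODE = re.compile(r"\b(AADSTS\d+)\b")


def extract_aadsts_code(entry: dict) -> Optional[str]:
    """Return the AADSTS error code from a failed-login ("f") tenant log entry.

    The Azure error sits in details.error.payload, which is itself a JSON
    string, so it must be decoded a second time before the code can be read.
    """
    if entry.get("type") != "f":
        return None
    payload = (entry.get("details") or {}).get("error", {}).get("payload")
    if not payload:
        return None
    try:
        description = json.loads(payload).get("error_description", "")
    except (json.JSONDecodeError, AttributeError):
        description = payload  # fall back to scanning the raw string
    match = AADSTS_CODE.search(description)
    return match.group(1) if match else None


def looks_like_secret_id(client_secret: str) -> bool:
    """True if the configured value parses as a GUID, which means the Secret ID
    was pasted instead of the secret Value (secret Values are not GUIDs)."""
    try:
        uuid.UUID(client_secret.strip())
        return True
    except ValueError:
        return False
```

Run `extract_aadsts_code` over entries with `"type": "f"` to find logins hitting this code, and `looks_like_secret_id` against the stored connection secret to catch the Secret ID mix-up before retrying.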