Azure Sign-In Error:
AADSTS90034: Couldn’t Get valid user code.
Recently I have been working closely with several Government customers who are leveraging services located within the Government Community Cloud + High. When attempting to setup their device to integrate with Intune services, the user attempts to open the Company Portal Application and sign in.
During this process they encounter a dreaded error that I have been unable to locate any documentation on. However, the root of the problem is that the Company Portal application is configured to connect to the wrong Cloud Instance of Azure.
The company portal can be configured in three ways:
- Automatic
- Public
- Government
The key to finding the resolution was within the following article:
Authentication Doesn’t Redirect to the Government Cloud
Government users signing in from another device are redirected to the public cloud for authentication rather than the government cloud.
Cause: Azure AD does not yet support redirecting to the government cloud when signing in from another device.
Resolution
Use the iOS Company Portal Cloud setting in the Settings app to redirect government users’ authentication towards the government cloud. By default, the Cloud setting is set to Automatic and Company Portal directs authentication towards the cloud that is automatically detected by the device (such as Public or Government). Government users who are signing in from another device will need to manually select the government cloud for authentication.
Open the Settings app and select Company Portal. In the Company Portal settings, select Cloud. Set the Cloud to Government.
Note: As of writing this article, I am continuing to research the method by which this can be configured via Intune Endpoint Management. It appears this must be a custom configuration which require additional syntax to deploy to the endpoint. In the interim, users can make this change manually on their phones from within Settings > Company Portal.