Frequently Asked Questions¶
Why am I always redirected to /accounts/profile/ after login?¶
This is default Django behaviour. You can change it by setting the Django setting named LOGIN_REDIRECT_URL.
How do I store additional info about a user?¶
django_entra_auth can only store information in existing fields of the user model.
If you want to store extra info, you’ll have to extend the default user model with extra fields and adjust
the CLAIM_MAPPING setting accordingly.
I’m receiving a KeyError: 'upn' error when authenticating.¶
In some circumstances, Entra ID does not send the upn claim used to determine the username. This is observed to happen
with guest users who’s source in the users overview of Entra ID is Microsoft Account instead of
Microsoft Entra ID.
In such cases, try setting the USERNAME_CLAIM to email instead of the default upn. Or create a
new user in your Entra ID directory.
Why is a user added and removed from the same group on every login?¶
This can be caused by having a case insensitive database, such as a MySQL database with default settings.
You can read more about collation settings
in the official documentation.
The redirect_uri starts with HTTP, while my site is HTTPS only.¶
When you run Django behind a TLS terminating webserver or load balancer, then Django doesn’t know the client arrived
over a HTTPS connection. It will only see the plain HTTP traffic. Therefore, the link it generates and sends to Entra ID
as the redirect_uri query parameter, will start with HTTP, instead of HTTPS.
To tell Django to generate HTTPS links, you need to set its SECURE_PROXY_SSL_HEADER setting and inject the correct
HTTP header and value on your web server.
For more info, have a look at Django’s docs.
I cannot get it working!¶
Make sure you follow the instructions in the troubleshooting guide. It will enable debugging and can quickly tell you what is wrong.
Also, walk through the Settings Reference once, you might find one that needs to be adjusted to match your situation.
What is the relationship between django-entra-auth and django-auth-adfs?¶
django-entra-auth is derived from the work of Joris Beckers and contributors on django-auth-adfs. The original project provided authentication for both ADFS on Windows Server and Azure AD.
This project focuses specifically on Microsoft Entra ID (formerly Azure AD) integration, with specialized features like the token lifecycle management system and On-Behalf-Of token support for Microsoft Graph API access. We have maintained compatibility with the original API where possible, which is why many class names still have the “Adfs” prefix.
We’re grateful to the original authors for their excellent work which made this specialized version possible.