This guide will help resolve an error that occurs when a user attempts to authenticate with Okta as an external authentication method (EAM) for Entra ID. The following error is returned:
We couldn't complete your verification
Message: AADSTS5001255: Failed to validate authorization url of external authentication provider.
- Okta
- Entra ID
- External Authentication Method
- Okta Identity Engine (OIE)
The error occurs because the Redirect URI for the Okta application registration is configured incorrectly in Entra ID.
- In Entra ID, ensure the application registration is set to the Web type.
- Verify the Redirect URI is configured with the correct value for the environment:
  - Production: https://<org-name>.okta.com/oauth2/v1/authorize
  - Preview: https://<org-name>.oktapreview.com/oauth2/v1/authorize
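
The two checks above can be run against an exported application object. The following is an added example, not code from Okta or Microsoft. It assumes the registration is available as a Microsoft Graph application object, where redirect URIs are grouped under `web`, `spa` and `publicClient`; the org name `example-org`, the function names and the sample data are constructed for illustration.

```python
import json

OKTA_DOMAINS = {"production": "okta.com", "preview": "oktapreview.com"}

def expected_uri(org_name, environment):
    """Redirect URI this guide lists for the given environment."""
    return f"https://{org_name}.{OKTA_DOMAINS[environment]}/oauth2/v1/authorize"

def check_redirect_uri(app, org_name, environment="production"):
    """Return findings for an app registration; an empty list means it matches."""
    want = expected_uri(org_name, environment)
    other_env = "preview" if environment == "production" else "production"
    # Graph application object: redirect URIs are grouped by platform type.
    by_platform = {p: (app.get(p) or {}).get("redirectUris") or []
                   for p in ("web", "spa", "publicClient")}
    if want in by_platform["web"]:
        return []
    findings = []
    for platform, uris in by_platform.items():
        for uri in uris:
            if uri == want:  # exact URI, but not under the Web platform
                findings.append(f"registered under '{platform}', not 'web': {uri}")
            elif uri.rstrip("/").lower() == want.lower():
                findings.append(f"near match in '{platform}' (case or trailing slash): {uri}")
            elif uri == expected_uri(org_name, other_env):
                findings.append(f"'{platform}' holds the {other_env} URI: {uri}")
    return findings or [f"expected URI not registered: {want}"]

# Constructed sample: hypothetical org "example-org", production URI under the wrong platform.
SAMPLE_APP = json.loads("""
{
  "displayName": "Okta EAM (constructed sample)",
  "web": {"redirectUris": ["https://example-org.oktapreview.com/oauth2/v1/authorize"]},
  "spa": {"redirectUris": ["https://example-org.okta.com/oauth2/v1/authorize"]},
  "publicClient": {"redirectUris": []}
}
""")

if __name__ == "__main__":
    for finding in check_redirect_uri(SAMPLE_APP, "example-org", "production"):
        print(finding)
```

For the constructed sample, the check reports that the production URI sits under `spa` instead of `web`, and that `web` holds the preview URI.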
