Error 422: The change you wanted was rejected. [External users only]

  • Used Zammad version: 4.0.x
  • Used Zammad installation type: source
  • Operating system: Ubuntu 18.04.5 LTS
  • Browser + version: Google Chrome / Microsoft Edge Chromium

Expected behavior:

  • Log in with Microsoft 365 credentials. Works fine with internal tenant users, but not with external users having a “name_domain.extension#EXT#@tenantdomain.onmicrosoft.com” User principal name.

Actual behavior:

  • User is granted prermissions in Azure AD as user of the app, but wen authenticated he/she is redirected to the Zammad 422 error page.

Steps to reproduce the behavior:

  • Invite new external Guest user to Azure AD and grant it permissions to Zammad app.

I think it has someting to do with the principle name (witch is not the mail address), so maybe zammad does not “match” the right user with the right credentials.

Any thoughts on this?

image

It seems not consitent. When i just tested it with another new external user, at first the 422 error appeared. but when closing the browser and starting a new session, the procedure whent as expected.

I will now try to resolve the other external account, where the 422 is still appearing.

So let’s compare…
Betting that the failing user was not coming from office 365 originally but existed before trying to authenticate and the working user was created with logging in.

You may want to have a look into the documentation at this part:
https://admin-docs.zammad.org/en/latest/settings/security/third-party.html#automatic-account-link-on-initial-logon

Further reasons may be found in your production.log. Error 422 can have various reasons.