I was able to get around it by switching to the old UI
Entra External ID - Unable to enable native authentication
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 78%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAZ%3C/text%3E%3C/svg%3E)
Aaron Zhong
10
Reputation points
I'm unable to enable native authentication for my application under App registrations > Authentication > Settings > Enable native authentication. It says saved successfully but when I refresh the page it is still off and my application is throwing the error AADSTS55113: Native Authentication is not enabled on the Client.
Microsoft Security | Microsoft Entra | Microsoft Entra External ID
3 answers
Sort by: Most helpful
-
Aaron Zhong 10 Reputation points
2025-08-01T02:32:36.7433333+00:00 -
Jerald Felix 4,450 Reputation points2025-08-01T03:37:43.21+00:00 Thanks for sharing it. If you feel the answer really helped you to solve the issue “Accept Answer”
Sign in to comment -
-
Jerald Felix 4,450 Reputation points
2025-08-01T02:01:11.6566667+00:00 Hello Aaron Zhong!
This is a frustrating issue and you’re not alone—other users have noticed that “Enable native authentication” for Entra External ID sometimes shows as saved, but stays disabled after refreshing, and authentication attempts continue to return AADSTS55113.
Here’s what you can do:
Check Permission/Role: Ensure your account has sufficient permissions on the tenant and the application registration to change authentication settings. Sometimes, changes silently fail if you’re not a global administrator or don’t have Application Administrator rights.
Browser/Portal Cache: Try clearing your browser cache or using an incognito window. Occasionally, the portal UI doesn’t immediately sync with backend changes.
Wait and Retry: Sometimes, changes in Entra (formerly Azure AD) portal take several minutes to propagate. Wait 10–15 minutes and refresh again.
Use Microsoft Graph API: To bypass the portal, try enabling native authentication using Microsoft Graph API or Azure CLI. Sometimes changes made through the API stick even when the portal UI is buggy.
Check Tenant and Application Type: Double-check that your application is configured for “Public client/native (mobile & desktop)” and that the tenant’s authentication policies haven’t blocked native auth for apps.
Recent Bugs/Outages: Microsoft has rolled out big changes to External ID and Entra in recent months—UI glitches and backend bugs do happen. Check Azure status or known issues for any relevant incidents.
Contact Microsoft Support: If the setting still refuses to persist—even via API—and your app still throws the native authentication error, open a support ticket with Microsoft. Share the details and screenshots so they can escalate the issue.
For now, you may want to use “Web” or “SPA” types as a workaround if your scenario supports it, until native authentication can be enabled reliably.
Best regards
Jerald Felix
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 4%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
Monalisha Jena 0 Reputation points Microsoft External Staff Moderator2025-08-11T15:34:26.2066667+00:00 Hello Aaron Zhong,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
Thanks for sharing that you were able to enable native authentication by switching back to the old Azure AD portal UI, that’s a great workaround!
Just to add:• This is a known UI glitch in the newer Entra External ID portal experience where the “Enable native authentication” toggle doesn’t persist correctly.
• Using the old Azure portal or Azure AD classic portal often lets you save and confirm this setting reliably.
• Alternatively, you can enable native authentication via Microsoft Graph API by setting allow Public Client to true on your app registration.
• Also ensure you have sufficient admin privileges (Global Admin or Application Admin) to make this change.
Keep in mind changes might take a few minutes to propagate after saving.
If you want, here’s the Microsoft documentation on enabling native authentication via API for a smoother experience:
Thanks again for sharing your solution, this will definitely help others facing the same frustrating issue!
Hope this helps. Do let us know if you have any further queries.Please "Accept the answer" if the information is helpful to you. This will help us and others in the community as well.
Regards,Monalisha