What Causes the 'Cannot Contact Authority Using the Provided URL' Error During SSO Integration?

This article applies to all MetaDefender Managed File Transfer releases.

When setting up SSO (Single Sign-On) integration, you may encounter the following error:

"Cannot contact authority using the provided URL"

This typically indicates that the application is unable to reach the identity provider (IdP) endpoint specified during configuration. Below are the most common causes and steps to resolve them.

1. Network Connectivity or Proxy Configuration Issues

A frequent root cause of this error is improper network communication, often due to firewall, proxy, or system-level configuration issues. Even if the system appears to have internet connectivity (e.g., PowerShell or a browser can reach the URL), the application initiating the SSO (such as MFT) may be running under a different context—commonly the Local System account—which may not share the same proxy settings.

Resolution Steps:

Step 1: Verify MFT’s Proxy Configuration

  • Ensure that MFT is configured to use the correct proxy settings.
  • Attempt a direct connection from MFT to the IdP endpoint to verify connectivity.

Step 2: Manually Configure Proxy for Local System Account (if applicable) If MFT runs as a Windows service under the Local System account, the proxy settings must be explicitly configured for that context. For more detailed information, please refer to this support article: How do I Configure the Proxy Server?

2. Incorrect Authority URL Format

If you’re using Microsoft Entra ID, anothercommon reason for the error is an improperly formatted authority URL during configuration. The application may fail to contact the identity provider if the URL is missing required parameters or uses an incorrect structure.

Resolution:

Ensure that the authority URL follows this exact format:
  • Replace {directory (tenant) ID} with your actual Azure AD tenant ID.
  • Do not include trailing slashes or omit the /v2.0 unless the identity provider specifically requires it.

Incorrect example (missing version):

Correct example:

3. General Integration Troubleshooting Steps

If proxy settings and URL format appear correct but the issue persists, consider the following checks to further isolate the root cause:

  • Verify the IdP works with another application (outside of MFT) to confirm the identity provider is functioning correctly.
  • Temporarily bypass the proxy, if possible, to determine whether it’s interfering with the connection.
  • Test with a different IdP, if available, to rule out provider-specific issues.

Conclusion

This error is most often caused by connectivity restrictions or misconfigured URLs. By validating proxy settings for system-level accounts and double-checking your authority URL format, you can resolve the issue and proceed with SSO integration.

If you’ve verified both areas and are still experiencing issues, consider checking:

  • DNS resolution for the login URL.
  • Firewall logs for dropped traffic.
  • SSL inspection tools that may be interfering with outbound HTTPS connections.

If Further Assistance is required, please proceed to log a support case or chatting with our support engineer.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Why is upgrade or install to MFT version 3.8.0 failing when using remote Database?
On This Page
What Causes the 'Cannot Contact Authority Using the Provided URL' Error During SSO Integration?1. Network Connectivity or Proxy Configuration IssuesResolution Steps:2. Incorrect Authority URL FormatResolution:3. General Integration Troubleshooting StepsConclusion