From 1884e2b444428aefbfc40aab87c2b65dae421e57 Mon Sep 17 00:00:00 2001
From: Stephanie Aurelio <133041642+stephaurelio@users.noreply.github.com>
Date: Wed, 30 Aug 2023 08:18:52 -0700
Subject: [PATCH] Add Azure troubleshooting tip to SSO IdP FAQ page (#18057)

* add azure faq

* fix typo in faqs
---
 content/single-sign-on/domain-faqs.md | 2 +-
 content/single-sign-on/idp-faqs.md    | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/content/single-sign-on/domain-faqs.md b/content/single-sign-on/domain-faqs.md
index f734c5c7b7..5045f0fb1e 100644
--- a/content/single-sign-on/domain-faqs.md
+++ b/content/single-sign-on/domain-faqs.md
@@ -4,7 +4,7 @@ keywords: Docker, Docker Hub, SSO FAQs, single sign-on
 title: Domains
 ---
 
-### Can i add sub-domains?
+### Can I add sub-domains?
 
 Yes, you can add sub-domains to your SSO , however all email addresses should also be on that domain. Verify that your DNS provider supports multiple txt fields for the same domain.
 
diff --git a/content/single-sign-on/idp-faqs.md b/content/single-sign-on/idp-faqs.md
index fc06763484..305c37e554 100644
--- a/content/single-sign-on/idp-faqs.md
+++ b/content/single-sign-on/idp-faqs.md
@@ -48,6 +48,10 @@ We currently do not have any plans to enable IdP initiated logins.
 
 Yes, bot accounts needs a seat, similar to a regular end user, having a non-aliased domain email enabled in the IdP and using a seat in Hub.
 
-### Is it possible to connect Docker Hub directly with a Microsoft Azure Active Directory Group?
+### Is it possible to connect Docker Hub directly with a Microsoft Azure Active Directory (AD) Group?
 
-Yes, Azure AD is supported with SSO for Docker Business, both through a direct integration and through SAML.
\ No newline at end of file
+Yes, Azure AD is supported with SSO for Docker Business, both through a direct integration and through SAML.
+
+### My SSO connection with Azure AD isn't working and I receive an error that the application is misconfigured. How can I troubleshoot this?
+
+Confirm that you've configured the necessary API permissions in Azure AD for your SSO connection. You need to grant admin consent within your Azure AD tenant. See [Azure AD documentation](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent?pivots=portal#grant-admin-consent-in-app-registrations).