Low severityauthentication
Power BI Error:
AADSTS50192, No Credential in Sign-in Request
What does this error mean?
Entra ID (Azure AD) rejected the sign-in because no credential (typically a client certificate for CBA) was present in the request.
Common causes
- 1Certificate-Based Authentication (CBA) is enforced on the tenant or Conditional Access policy, but the client did not present a certificate
- 2A reverse proxy, WAF, or load balancer (e.g. F5, Azure Front Door, on-prem ADC) terminates TLS and strips the client certificate before the request reaches login.microsoftonline.com
- 3The user's certificate is missing, expired, or not installed in the correct certificate store on the device
- 4The Power BI Gateway, ADF Self-hosted IR, or Databricks linked service is configured for CBA/Workload Identity but the certificate binding was removed or rotated
- 5Browser or OS did not prompt for / send the certificate because the issuing CA is not trusted by the Entra ID CBA configuration
How to fix it
- 1Confirm whether CBA is required for this user — check Entra ID → Security → Authentication methods → Certificate-based authentication, and any Conditional Access policy enforcing 'Require certificate'
- 2On the client device, verify a valid (non-expired) certificate exists in the user's personal store and chains to a CA that's uploaded under Entra ID → Security → Certificate authorities
- 3If traffic passes through a reverse proxy/WAF/F5/AGW, ensure TLS client-certificate passthrough (or proper renegotiation + header forwarding) is configured so the cert reaches Entra ID intact
- 4For service principals (Power BI embedded, ADF, Fabric capacity admin scripts): re-upload the certificate to the App Registration → Certificates & secrets, and confirm the thumbprint matches the one used by the client
- 5Reproduce the sign-in with Fiddler or browser network trace and inspect the TLS handshake — if no Certificate message is sent by the client, the problem is client/proxy-side, not Entra ID