Azure AD directory connector
Error: Cannot sync connector - authentication expired
The directory connector may occasionally stop synchronizing users and groups because its authentication token has expired. For example, regular Azure users commonly have an MFA policy, which can cause the access token to expire.
Troubleshooting
The user associated with the authentication token is subject to a policy that expires the token. You should be able to see the reason in the sign-in logs:
- Go to the Azure Portal.
- Open Enterprise Applications.
- Select the Barracuda CloudGen Access Directory Connector.
- Go to Sign-in logs.
- Click on User sign-ins (non-interactive).
- Click on one sign-in log entry with a Failure Status.
- Start by checking the Failure reason message and Additional Details.
- On the right pane that opens, click on the Conditional Access tab.
- Check whether any policy triggered the expiration of the token.
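The same check can be run over an exported copy of the sign-in log. The following is an added example, not Barracuda or Microsoft code: it assumes the records use the field names of the Microsoft Graph signIn resource, and the sample records, user names and policy names are constructed.

```python
import json
from collections import Counter

# Enterprise application display name, as given on this page.
CONNECTOR_APP = "Barracuda CloudGen Access Directory Connector"

# Constructed sample data; field names follow the Microsoft Graph signIn
# resource (assumption: the exported sign-in log uses the same shape).
SAMPLE = json.loads("""[
 {"createdDateTime": "2024-01-10T08:00:00Z", "userPrincipalName": "sync@example.com",
  "appDisplayName": "Barracuda CloudGen Access Directory Connector",
  "status": {"errorCode": 0}, "appliedConditionalAccessPolicies": []},
 {"createdDateTime": "2024-01-11T08:00:00Z", "userPrincipalName": "sync@example.com",
  "appDisplayName": "Barracuda CloudGen Access Directory Connector",
  "status": {"errorCode": 50076, "failureReason": "MFA required (constructed text)",
             "additionalDetails": "constructed"},
  "appliedConditionalAccessPolicies": [
   {"displayName": "Require MFA for all users", "result": "failure",
    "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": []},
   {"displayName": "Block legacy auth", "result": "notApplied",
    "enforcedGrantControls": [], "enforcedSessionControls": []}]},
 {"createdDateTime": "2024-01-11T09:00:00Z", "userPrincipalName": "alice@example.com",
  "appDisplayName": "Some Other App", "status": {"errorCode": 50076},
  "appliedConditionalAccessPolicies": [
   {"displayName": "Require MFA for all users", "result": "failure",
    "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": []}]}
]""")

def failed_connector_signins(records, app_name=CONNECTOR_APP):
    """Yield a summary for each failed sign-in of the connector application."""
    for rec in records:
        status = rec.get("status") or {}
        # errorCode 0 (or absent) means the sign-in succeeded.
        if rec.get("appDisplayName") != app_name or not status.get("errorCode"):
            continue
        policies = rec.get("appliedConditionalAccessPolicies") or []
        yield {
            "time": rec.get("createdDateTime"),
            "user": rec.get("userPrincipalName"),
            "error_code": status["errorCode"],
            "failure_reason": status.get("failureReason"),
            "additional_details": status.get("additionalDetails"),
            # Only policies whose result is "failure" stopped the sign-in.
            "blocking_policies": [
                (p.get("displayName"), (p.get("enforcedGrantControls") or [])
                 + (p.get("enforcedSessionControls") or []))
                for p in policies if p.get("result") == "failure"],
        }

def policy_counts(records):
    """Count how often each Conditional Access policy failed a connector sign-in."""
    return Counter(name for f in failed_connector_signins(records)
                   for name, _ in f["blocking_policies"])
```

A policy that dominates `policy_counts` is the one to review against the account the connector authenticates as.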
Resolution
Barracuda Networks recommends using an isolated Azure service account that does not enforce any MFA restrictions with the CloudGen Access User Directory Connector.