I have a set of applications in Kubernetes which was running behind KeyCloak Authentication using google accounts on AWS. Now the applications are migrating on Microsoft Azure. In the first step of migration I want the authentication process to be done using Azure Active Directory instead of Google accounts while the apps still running in AWS.

I have deployed Azure Active Directory following the initial part of this link and have successfully added oidc for Azure AD in Keycloak.

I have the original domain setup in AWS and I am redirecting it to Azure.

When I try to login using Azure AD with one of the accounts which were working fine in AWS, it gives me this error:

error_description=AADSTS650051 Using application AKSAzureADClient is currently not supported for your organization XXXX.com because it is in an unmanaged state. An administrator needs to claim ownership of the company by DNS validation of XXXX.com before the application AKSAzureADClient can be provisioned.