Skip to main content

Linking a Microsoft Advertising login to Optmyzr - Troubleshooting

Linking your Microsoft Advertising login to Optmyzr allows you to streamline your advertising management. This troubleshooting guide aims to assist you in identifying and resolving common issues that may prevent successful linkin

Written by Rishabh Singh Jasrotia

1. Profile Type and Login Email

Check your login email first:

To successfully link your Microsoft Advertising account with Optmyzr, you must use the same login email you use to access the Microsoft Advertising interface directly.

  1. Confirm you are using the correct login email associated with your Microsoft Advertising account.

  2. Try logging into Microsoft Advertising directly at ads.microsoft.com using that email to verify it works.

  3. If you can log in to Microsoft Advertising without any issues, use that same email when linking your account in Optmyzr.

Then check your account type:

Microsoft Advertising accounts can be categorized as either personal accounts (@outlook.com / @live.com) or work accounts (company-managed via Azure AD / Entra). Selecting the wrong type during Optmyzr's connection flow is a common cause of failure.

  1. Visit your Microsoft Advertising account settings: https://ads.microsoft.com/cc/Settings/MySettings

  2. Confirm the type of account displayed on the settings page.

  3. Ensure that you select the corresponding account type when attempting to link your account to Optmyzr.

2. Browser or Session Interference

Password managers (e.g. LastPass, 1Password) and browser autofill can interfere with Microsoft's OAuth redirect — sometimes passing an empty or incorrect email into the URL, which causes a blank screen or silent failure.

Steps to try:

  1. Open a fresh incognito / private browsing window.

  2. Disable any password manager extensions before starting.

  3. Make sure you are using the correct browser profile (not a secondary or guest profile).

  4. Retry the Microsoft Ads connection flow from Optmyzr.

If you see a blank screen after being redirected from Optmyzr, this is typically caused by an empty email being passed in the redirect URL due to autofill or an incorrect browser profile being active. The incognito + correct profile fix above resolves this in most cases.

3. Missing or Unrecognised Multi-Factor Authentication (MFA)

Microsoft requires Multi-Factor Authentication (MFA) to be active on the account for the OAuth connection to succeed. You may see an error like:

"To enhance the security of your Microsoft Advertising account, Multi-Factor Authentication (MFA) is mandatory when accessing accounts through API. Please ensure that MFA is enabled for your ad account before attempting to link it with Optmyzr."

You can read more about MFA here.

Important: This error can appear even when MFA is already enabled. In that case, it is usually a browser or session issue, not an MFA configuration issue.

Steps to try:

  1. First, try the incognito + correct browser profile fix from Section 2 above — this resolves the false MFA error in most cases.

  2. If MFA genuinely is not enabled, enable it in your Microsoft account security settings and retry.

4. "Need Admin Approval" Message

This happens when your Azure AD / Entra tenant has not authorised third-party OAuth apps. You will see a "Need Admin Approval" screen and cannot proceed regardless of your own permission level. You may also see this as "User declined to consent to access the app" (see attached screenshots for reference), in which case your admin would have received an email from Microsoft requesting them to approve access to the app.

How to identify your admin:

  1. Go to the Microsoft Ads website.

  2. Navigate to Settings > User Management.

  3. You'll see a list of all users associated with the account.

  4. Click "View" next to any user to see their role.

Resolution — steps for your IT admin:

  1. Go to Microsoft Entra admin center > Identity > Enterprise Applications.

  2. Find Optmyzr in the list.

  3. Go to Permissions > Grant admin consent for the tenant.

  4. Once granted, retry the connection flow in Optmyzr.

If the loop persists after consent is granted, this is a known escalated issue affecting some enterprise Entra tenants. Have your IT admin check:

  • Consent was granted at tenant level (not per-user only).

  • Optmyzr is listed under Enterprise Applications, not just App Registrations.

If it still does not resolve, proceed to Option B in Section 5 — inviting a personal Microsoft account as Super Admin is the most reliable fallback for this scenario.

Note on the admin consent link: In some cases the consent link may not work if the Client ID does not match the tenant's configuration. If this happens, contact support@optmyzr.com to get the correct consent URL for your tenant.

Admin Cannot Access the Entra Portal (e.g., due to an MFA or device issue)

Resetting MFA or recovering Entra portal access is a Microsoft account-recovery process that needs to be handled by your IT team or Microsoft Support directly — it is outside of what Optmyzr can assist with.

However, you do not need to resolve the Entra access issue before connecting to Optmyzr. Optmyzr can connect with any Microsoft sign-in that has access to your Microsoft Ads account. As a workaround, you can invite a different email address to your Microsoft Ads account and use that to connect to Optmyzr instead:

  1. Sign in to ads.microsoft.com with any account that currently has access.

  2. Go to Settings > Account access / Users.

  3. Invite the alternative email address (a personal @outlook.com, another work account, or any account not subject to the same restriction) and assign it Super Admin or Standard access.

  4. Accept the invite from that email address.

  5. In Optmyzr, go to Manage Linked Accounts > Link Microsoft Ads and sign in with that account.

5. SSO or Federated Identity (Company-Managed Login)

If the standard Microsoft portal (login.microsoftonline.com) shows "no user found" or "we don't recognize this account" even though you can access Microsoft Ads normally, your identity is most likely managed through company SSO (Azure AD, Okta, Google Workspace, etc.) rather than a native Microsoft account. This causes a mismatch during Optmyzr's OAuth flow.

This is a known limitation with Microsoft's OAuth flow for federated identities. Optmyzr is actively working with Microsoft on a longer-term fix. In the meantime, the two workarounds below are the recommended paths.

Google SSO variant: If you log into Microsoft Ads using Google SSO (same email address, but authenticated via Google rather than Microsoft natively), the Microsoft OAuth portal will not recognise your account and may show "Try entering your Microsoft Account again. We don't recognize this one." This is a Microsoft limitation — their OAuth flow only supports native Microsoft accounts. Use Option A or Option B below.

Option A — Grant tenant-wide admin consent

Ask your IT admin to grant tenant-wide consent for Optmyzr:

  1. Go to Microsoft Entra admin center > Enterprise Applications > Optmyzr.

  2. Go to Permissions > Grant admin consent for the tenant.

This can unblock federated users without requiring a separate login. However, this does not work in all SSO configurations — if it doesn't resolve the issue, proceed to Option B.

Option B — Invite a personal Microsoft account as Super Admin (most reliable)

  1. Have your IT admin invite a standard personal Microsoft account (any @outlook.com or @live.com address) as Super Admin on your Microsoft Advertising account.

  2. In Microsoft Ads: go to Accounts & Billing > Users > Invite User, and assign the Super Admin role.

  3. Use that personal Microsoft account to connect to Optmyzr.

6. Microsoft Login Issue – Lacks Service Principal

If you are seeing the error "Lacks service principal," proceed with the steps below.

Check your account type:

This error most commonly affects work accounts. If you're able to switch to a personal account, doing so may resolve the issue immediately.

Check for Microsoft Entra ID (formerly Azure Active Directory):

If your work account is managed via Azure Active Directory:

  1. Go to Microsoft Graph Explorer

  2. Log in with your admin account.

  3. Change the request type from GET to POST.

  4. Update the endpoint to: https://graph.microsoft.com/v1.0/servicePrincipals

  5. In the Request body tab, paste the following:

       { "appId": "d42ffc93-c136-491d-b4fd-6f18168c68fd" }

  6. Click the Run Query button.

If your work account is not managed via Azure, contact Microsoft Ads Support and request that the service principal be updated for your Microsoft Ads work account.

When to contact Optmyzr Support?

If you face any issues after going through these steps, please contact support@optmyzr.com or write to us through the chat box in the interface. If possible, please include:

  • Your Microsoft Ads login email

  • Whether your account is company-managed (SSO / federated identity)

  • Screenshots of any error messages you are seeing

Did this answer your question?