You’re effectively locked out of the Users app because it’s now using Microsoft Entra (SAML) and that configuration is either wrong or you don’t yet have a valid Entra user with the right roles.

There are two standard ways to recover in O11:

1. Try the “bypass external auth” login URL

When you configure SAML/Microsoft Entra in the Users app, OutSystems provides a special URL that lets you log in ignoring external authentication:

https://<your-environment>/Users/Login.aspx

Note:

• This specific URL bypasses Microsoft Entra/SAML and forces the classic internal login page. Configure Microsoft Entra authentication
• Log in there using an internal administrator account (e.g. “admin” or any internal user that still exists and has Users/Service Center permissions).

Once you’re in the Users app:

1. Go to Configure Authentication in the right sidebar.
2. Change Authentication back to Internal Only.
3. Save and publish.

In many cases this is enough and you’re done.

If that URL still redirects you to Microsoft Entra or fails for any reason, use the second approach.

2. Reset Users authentication from Service Center (factory settings)

If you can access Service Center with any admin/internal account, you can revert the Users app authentication configuration at the module level. This is the same pattern used to recover from bad AD/SAML settings. Reset Users authentication preferences

Steps (Traditional Platform Server / O11):

1. Open Service Center
   https://<your-environment>/ServiceCenter

2. Go to the Users module

   • Navigate to Factory → Modules (or Espaces, depending on your version).
   • Search for Users.
   • Click the Users module.

3. Open Tenants / Site Properties

   • Inside the Users module detail page, click the Tenants tab.
   • Click on the Users (Default Tenant) (or equivalent default tenant).
   • There you will see Site Properties for the Users app.

4. Reset the authentication-related site properties
   Depending on your current configuration (SAML / Microsoft Entra), you should reset the properties that control external authentication. For Microsoft Entra/SAML, typically you will:

   • Clear or disable any site property that indicates that external authentication is enabled.
   • If there are boolean properties like:
     • ExternalAuthenticationEnabled, UseExternalAuthentication or similar → set them to False.
   • If you added specific SAML/Microsoft Entra site properties, you can also clear them (or set to safe defaults).

   The concrete names may differ slightly depending on your version/patch, but they are under the Users module’s site properties. The official “Reset Users authentication preferences” procedure points to exactly these properties. Reset Users authentication preferences

5. Apply and test

   • Click Apply to save the site property changes.
   • Try again to access https://<your-environment>/Users or https://<your-environment>/Users/Login.aspx.
   • You should now see the internal login page and be able to log in with internal users.

6. Reconfigure properly (optional)
   After recovering access:

   • Go back to Configure Authentication in the Users app.
   • Set Authentication to Internal Only.
   • If you later re-enable Microsoft Entra, follow the full documented flow and test in a non-production environment first. Configure Microsoft Entra authentication

If neither approach works (for example, you can’t access Service Center at all), then this becomes an infrastructure-level issue and you’ll need your platform/IT admin or OutSystems Support to reset authentication directly in the database or via the official support procedure. But in most O11 setups, either the Login.aspx bypass or the reset via Users module site properties in Service Center is enough to recover.