Thank you for the response. I made some changes since I found differences between the ID token and access token issuer. However, I am still encountering the same error, with the same error message appearing in the ALB access logs.
ALB access log: "authenticate" "-" "AuthInvalidIdToken"
The 'aud' field contains the app ID when I decode the token.
I created a new web application in Entra ID. Postman works for "https://login.microsoftonline.com/xxxxxxxxxxxxxxx/openid/userinfo", but "/v2.0/.well-known/openid-configuration" returns the userinfo endpoint as "https://graph.microsoft.com/oidc/userinfo". Postman gets the error below for the /oidc/userinfo service.
"code": "InvalidAuthenticationToken", "message": "Access token validation failure. Invalid audience."
ALB Config
- Issuer: https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxx/v2.0
- Token endpoint: https://login.microsoftonline.com/organizations/oauth2/v2.0/token
- User info endpoint: https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration
- Authorization endpoint: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize
- Session cookie name: AWSELBAuthSessionCookie
- On unauthenticated: authenticate
- Scope: openid api://xxxxxxxxxxxxxxxxxxx/Files.Read
Is there anything that needs to be done to resolve this, please?
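A small checker for the kind of mismatch discussed in this thread (ID token iss/aud versus the ALB issuer and client id, and ALB endpoints versus what the IdP's openid-configuration advertises). This is an added example, not code from the original post or from AWS; the token, discovery document and ALB settings below are constructed with placeholder tenant and app ids.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    # base64url without padding, as used for JWT segments.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(jwt: str) -> dict:
    # Payload only; the signature is NOT verified here. Use this to compare
    # claims with the ALB settings, not to decide whether to trust the token.
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def check_alb_oidc(jwt: str, alb: dict, discovery: dict, now: int) -> list:
    """Findings explaining why an ALB OIDC action would reject this ID token."""
    c = decode_claims(jwt)
    findings = []
    if c.get("iss") != alb["issuer"]:
        findings.append(f"iss {c.get('iss')!r} != ALB issuer {alb['issuer']!r}")
    aud = c.get("aud") if isinstance(c.get("aud"), list) else [c.get("aud")]
    if alb["client_id"] not in aud:
        findings.append(f"aud {aud!r} does not contain ALB client id {alb['client_id']!r}")
    if c.get("exp", 0) <= now:
        findings.append("token expired")
    # Each ALB endpoint should be the one the IdP's discovery document advertises.
    for key in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint"):
        if alb[key] != discovery[key]:
            findings.append(f"{key}: ALB has {alb[key]!r}, discovery says {discovery[key]!r}")
    return findings


# Constructed sample data (placeholders, not real tenant or app ids).
TENANT = "TENANT_ID_PLACEHOLDER"
CLIENT_ID = "APP_ID_PLACEHOLDER"
ISSUER = f"https://login.microsoftonline.com/{TENANT}/v2.0"
DISCOVERY = {  # constructed to resemble the fields of an openid-configuration document
    "issuer": ISSUER,
    "authorization_endpoint": "https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/organizations/oauth2/v2.0/token",
    "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
}
ALB = dict(DISCOVERY, client_id=CLIENT_ID,  # mirrors the thread: discovery URL in the userinfo field
           userinfo_endpoint="https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration")
SAMPLE_JWT = ".".join([_b64url(json.dumps({"alg": "none"}).encode()),
                       _b64url(json.dumps({"iss": ISSUER, "aud": CLIENT_ID, "exp": 2_000_000_000}).encode()),
                       "unsigned"])

if __name__ == "__main__":
    for finding in check_alb_oidc(SAMPLE_JWT, ALB, DISCOVERY, now=1_700_000_000):
        print(finding)
```

Run it against a real ID token taken from the ALB session (decoded only, never trusted) and the live openid-configuration JSON to see which of the three comparisons fails.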