Hi Team,

In our project we are developing a couple of REST services. For all these services we are planning to authenticate the callers by using Azure AD.  Azure AD is used as enterprise-wide identity provider. 

To achieve this, in service package of Rest service we set Auth type as "Custom". We created a token-based Authentication service. In this Auth service, we configure Identity mapping rule and in Identity mapping rule I have referred a token profile rule. I have verified with my Security team that all details in these rules are correct. When I say details, I mean Issuer, Audience, Key store etc.

After doing all these, when we call our REST web service from PostMan we see 401 (Unauthenticated) response and in Log file we get below error. 

Custom authentication service invalid, an Authentication Activity is required in the Data-Admin-AuthService instance 'APRIntAuthService' 

I am not sure where should I provide Authentication activity, in my Auth service I see only Pre Auth and Post Auth activity placeholder.

I already referred these post - Service REST OAuth2 - External OAuth2 Provider | Support Center

Securing Service-Rest with external oAuth provider like Okta | Support Center