Users are unable to log on to K2 sites (Designer/Runtime/Management) with AAD credentials and receives the following error:
This issue occurs on a regular basis (approximately every 2 months) and requires a manual certificate thumbprint update following the procedure described here.
This is known issue. As a workaround you can use a manual certificate thumbprint update following the procedure described here, but to resolve it permanently you need to apply updates to the K2 platform:
For K2 4.7 the fix is included in November 2017 CU or newer CU/FP, see release notes - "Implemented support for rollover of the Azure Active Directory certificate thumbprints."
The same fix should be included in RTM versions of K2 5.0 - 5.1.
For K2 5.2 there is an additional fix included into FP1 - https://help.k2.com/kb002748, which should be also included into 5.3 release as this one includes all fixes from K2 Five (5.2) Fix Packs 1 to 29 (as per release notes)