The Solutions:
Solution 1: Edit AD Application Registration
Error Cause: Your AD Application is registered as a single-tenant application, but you’re attempting to sign in with personal accounts or accounts from other organizations.
Solution:
- Re-register your AD Application as "Multi-tenant and personal Microsoft accounts (e.g. Skype, Xbox)".
- In the authorization request, specify the
common
tenant:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=https://example.com
&response_mode=query
&scope=https://graph.microsoft.com/User.Read
&state=12345
Solution 2: Use organizations in Auth Request (for School Accounts Only)
If you want to restrict login to only school accounts:
- Register your AD Application as "Multi-tenant and personal Microsoft accounts (e.g. Skype, Xbox)".
- In the authorization request, specify the
organizations
tenant:
https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=https://example.com
&response_mode=query
&scope=https://graph.microsoft.com/User.Read
&state=12345
Additional Resources
Q&A
How to Reproduce the error AADSTS50020 ?
Register an app as Single-Tenant then try to login with a personal account.
How to resolve error AADSTS50020 ?
Create the azure AD application as multi-tenant and use common endpoint.
Video Explanation:
The following video, titled "AADSTS50020: User Account from Identity Provider does not exist in ...", provides additional insights and in-depth exploration related to the topics discussed in this post.
AADSTS50020: User Account from Identity Provider does not exist in Tenant. 19K views · 2 years ago ...more ...
The following video, titled "AADSTS50020: User Account from Identity Provider does not exist in ...", provides additional insights and in-depth exploration related to the topics discussed in this post.
AADSTS50020: User Account from Identity Provider does not exist in Tenant. 19K views · 2 years ago ...more ...