User account does not exist in tenant 'Default Directory' – Azure

by
Ali Hasan
azure-active-directory

Quick Fix: Verify that the Azure AD Application is registered with the correct tenant access settings. If it’s registered as Single-Tenant, only users from that specific tenant can sign in. Update the registration to allow users from any Azure AD tenant (Multitenant) or personal Microsoft accounts to resolve the issue.

The Solutions:

Solution 1: Edit AD Application Registration

Error Cause: Your AD Application is registered as a single-tenant application, but you’re attempting to sign in with personal accounts or accounts from other organizations.

Solution:

  1. Re-register your AD Application as "Multi-tenant and personal Microsoft accounts (e.g. Skype, Xbox)".
  2. In the authorization request, specify the common tenant:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=https://example.com
&response_mode=query
&scope=https://graph.microsoft.com/User.Read
&state=12345

Solution 2: Use organizations in Auth Request (for School Accounts Only)

If you want to restrict login to only school accounts:

  1. Register your AD Application as "Multi-tenant and personal Microsoft accounts (e.g. Skype, Xbox)".
  2. In the authorization request, specify the organizations tenant:
https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=https://example.com
&response_mode=query
&scope=https://graph.microsoft.com/User.Read
&state=12345

Additional Resources

Q&A

How to Reproduce the error AADSTS50020 ?

Register an app as Single-Tenant then try to login with a personal account.

How to resolve error AADSTS50020 ?

Create the azure AD application as multi-tenant and use common endpoint.

Video Explanation:

The following video, titled "AADSTS50020: User Account from Identity Provider does not exist in ...", provides additional insights and in-depth exploration related to the topics discussed in this post.

Play video

AADSTS50020: User Account from Identity Provider does not exist in Tenant. 19K views · 2 years ago ...more ...

Similar Posts

How can I select the proper openai.api_version? – Python

Cannot log in to Visual Studio Account in VS 2022 – Azure

How can i access my react VITE ENV variables in production of an azure static web app? – Azure

No job functions found, migrating to .net 8 isolated worker process – Azure

[Fixed] oauth2-proxy helm kubernetes: ERROR: Failed to initialise OAuth2 Proxy: invalid provider verifier options: missing required setting: issuer-url – Oauth2-proxy

Azure web app has no access to openai private endpoint in virtual network – Azure

Resource '' does not exist or one of its queried reference-property objects are not present – C#

[Fixed] Why am I getting invalid model error with "gpt-35-turbo-16k" model in Azure Open AI but not with "gpt-35-turbo"? – Azure

Azure Functions: Can't open lib 'ODBC Driver 17 for SQL Server' – Azure

[Fixed] Getting error – AADSTS500011: The resource principal named ** was not found in the tenant named ** – Python-3.x

© 2024 ProgramingQA. All Rights Reserved.

About Contact Terms Privacy Policy