Hi @itay4 - This error appears in various scenarios. Please review the following steps.
1. Ensure correct AppId of the application, which is sent as the ClientID in the request.
2. Basically, OAuth2 utilizes the ClientID in the request and matches it with the AppId from the application registration. Similarly, SAML2 uses the EntityId in the request and compares it to the App URI ID of the application registration. It is important to note that the AppId differs from the Application's Object ID, the Service Principal, also known as the Enterprise Apps Object ID, or the Directory ID.
3. Verify whether the application is designed to support a single tenant or multiple tenants. If it is meant to be a single-tenant application and the user signing in is a guest in the directory where the application is registered, make sure the sign-in endpoint (also known as the authority) being used is: https://login.microsoftonline.com/{your-tenant-id}/
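
The checks in the steps above can be run against a captured OAuth2 sign-in URL. The following is an added example, not part of the original answer; the function name, the finding codes and all GUIDs are constructed placeholders, and it assumes the authority is written with the tenant ID as in step 3.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed placeholder GUIDs, not real identifiers.
APP_ID = "11111111-1111-1111-1111-111111111111"     # Application (client) ID
OBJECT_ID = "22222222-2222-2222-2222-222222222222"  # app registration Object ID
TENANT_ID = "33333333-3333-3333-3333-333333333333"  # Directory (tenant) ID

# Authority path segments that are not tied to one tenant.
SHARED_AUTHORITIES = {"common", "organizations", "consumers"}


def check_signin_request(url, app_id, tenant_id, single_tenant, not_app_ids=None):
    """Return finding codes for an OAuth2 authorize URL (empty list = no issue found)."""
    findings = []
    parts = urlsplit(url)
    client_id = (parse_qs(parts.query).get("client_id") or [""])[0].strip().lower()
    segments = [s for s in parts.path.split("/") if s]
    authority = segments[0].lower() if segments else ""

    # Steps 1-2: the ClientID in the request must be the AppId,
    # not the Object ID or the Directory ID.
    wrong = {v.lower(): k for k, v in (not_app_ids or {}).items()}
    if not client_id:
        findings.append("client_id_missing")
    elif client_id in wrong:
        findings.append("client_id_is_" + wrong[client_id])
    elif client_id != app_id.lower():
        findings.append("client_id_mismatch")

    # Step 3: a single-tenant app should be reached through its own
    # tenant's authority (assumed here to be written as the tenant ID).
    if single_tenant:
        if authority in SHARED_AUTHORITIES:
            findings.append("shared_authority_for_single_tenant_app")
        elif authority != tenant_id.lower():
            findings.append("authority_not_expected_tenant")
    return findings


if __name__ == "__main__":
    ids = {"object_id": OBJECT_ID, "directory_id": TENANT_ID}
    bad = ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
           f"?client_id={OBJECT_ID}&response_type=code")
    good = (f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize"
            f"?client_id={APP_ID}&response_type=code")
    print(check_signin_request(bad, APP_ID, TENANT_ID, True, ids))
    print(check_signin_request(good, APP_ID, TENANT_ID, True, ids))
```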