How to fix AADSTS700016:

Sosina Gebre 0 Reputation points
2024-07-24T08:34:07.6+00:00

Request Id: a124e88d-ffc4-4106-b3ea-8fd81fa80001

Correlation Id: 6fb71f44-76da-420b-a27e-86f5a10a73d3

Timestamp: 2024-07-24T08:30:43Z

Message: AADSTS700016: Application with identifier 'https://www.okta.com/saml2/service-provider/speougezmljemuvdkstt' was not found in the directory 'Okta'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

Microsoft Entra ID

2 answers

  1. Fabio Andrade 1,660 Reputation points Microsoft Employee
    2024-07-24T22:00:04.3766667+00:00

    Hi @Sosina Gebre

    Thanks for reaching out to Microsoft Q&A

    Based on the error message, I understand that you are trying to sign in with an application that does not exist in the tenant named "Okta"; that's why you are getting this error message.

    Could you please share the documentation you are following to configure your app?

    Thanks,

    Fabio


  2. Navya 12,175 Reputation points Microsoft Vendor
    2024-07-25T07:29:43.51+00:00

    Hi @Sosina Gebre

    Thank you for posting this in Microsoft Q&A.

    I understand that you got an error "AADSTS700016: Application with identifier '{App-Id}' was not found in the directory '{Tenant-Id}'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant". This means the application you are trying to access does not exist in the organization you are signing into.

    This error appears in various scenarios. Please review the following steps.

    1. Ensure the correct AppId of the application, which is sent as the ClientID in the request.

    2. Basically, OAuth2 utilizes the ClientID in the request and matches it with the AppId from the application registration. Similarly, SAML2 uses the EntityId in the request and compares it to the App URI ID of the application registration. It is important to note that the AppId differs from the Application's Object ID, the Service Principal, also known as the Enterprise Apps Object ID, or the Directory ID.

    3. Verify whether the application is designed to support a single tenant or multiple tenants. If it is meant to be a single-tenant application and the user signing in is a guest in the directory where the application is registered, make sure the sign-in endpoint (also known as the authority) being used is: https://login.microsoftonline.com/{your-tenant-id}/

    If you are still experiencing issues, please share the steps you have taken so I can better understand the problem.

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
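
The checks in the answer above can be run against a captured sign-in URL. The following is an added example, not part of the original thread or Microsoft's code: it extracts the tenant from the authority and the identifier the request carries (OAuth2 `client_id`, or the SAML `Issuer` from an HTTP-Redirect `SAMLRequest`) and compares them with the values you expect. The function names, tenant GUID and identifiers are constructed assumptions.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAML_ISSUER = "{urn:oasis:names:tc:SAML:2.0:assertion}Issuer"
MAX_XML = 64 * 1024  # cap on inflated AuthnRequest size

def inspect_signin_request(url):
    """Return (tenant, protocol, identifier) as carried by the sign-in URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    segments = [s for s in parts.path.split("/") if s]
    tenant = segments[0] if segments else None  # first path segment of the authority
    if "SAMLRequest" in query:
        # HTTP-Redirect binding: base64 of raw DEFLATE of the AuthnRequest XML
        raw = base64.b64decode(query["SAMLRequest"][0])
        xml = zlib.decompressobj(-15).decompress(raw, MAX_XML)
        issuer = ET.fromstring(xml).find(SAML_ISSUER)
        ident = issuer.text.strip() if issuer is not None and issuer.text else None
        return tenant, "saml2", ident
    return tenant, "oauth2", query.get("client_id", [None])[0]

def find_mismatches(url, expected_tenant, expected_identifier):
    """List the differences that would lead to AADSTS700016."""
    tenant, protocol, identifier = inspect_signin_request(url)
    problems = []
    if tenant != expected_tenant:
        problems.append(f"authority tenant is {tenant!r}, expected {expected_tenant!r}")
    if identifier != expected_identifier:
        field = "Issuer (EntityId)" if protocol == "saml2" else "client_id"
        problems.append(f"{field} is {identifier!r}, expected {expected_identifier!r}")
    return problems

def sample_saml_url(tenant, entity_id):
    """Build a constructed SAML sign-in URL for the demo (not a real capture)."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" '
           f'Version="2.0"><saml:Issuer>{entity_id}</saml:Issuer></samlp:AuthnRequest>')
    deflater = zlib.compressobj(wbits=-15)
    blob = base64.b64encode(deflater.compress(xml.encode()) + deflater.flush())
    query = urlencode({"SAMLRequest": blob.decode()})
    return f"https://login.microsoftonline.com/{tenant}/saml2?{query}"

if __name__ == "__main__":
    tenant = "00000000-0000-0000-0000-000000000000"  # constructed placeholder
    url = sample_saml_url(tenant, "https://sp.example.test/saml")
    for line in find_mismatches(url, tenant, "api://constructed-app") or ["no mismatch"]:
        print(line)
```

Run it only on requests captured from your own sign-in flow; the expected values are the ones shown on the application registration in the tenant named by the authority.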

