How to fix error 'The user account does not exist in the directory' using the (ROPC) MSAL Authorization Flow

Michael Dratch (US) 0 Reputation points
2024-07-12T19:42:58.67+00:00

I am trying to create a Playwright test suite to perform end-to-end tests on a Power Pages site. I am following this documentation:

https://learn.microsoft.com/en-us/entra/identity-platform/test-automate-integration-testing?tabs=JavaScript

This code uses the MSAL function acquireTokenByUsernamePassword to acquire the necessary tokens, then saves the tokens to session storage for the service account we are signing in with, so that the tests can bypass further authentication during the automated tests.

When the acquireTokenByUsernamePassword function is called, I am getting this error:

errorCode: 'invalid_grant',

errorMessage: 'AADSTS50034: The user account {EUII Hidden} does not exist in the <Tenant ID> directory. To sign into this application, the account must be added to the directory.

I confirmed that the service account user does exist in the tenant and that the username and password credentials are correct. We updated the authentication settings in the App registration in Azure AD to enable this sign-in flow. Are there any other issues that could cause this error to occur?

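Added example, not code from the question or from the linked Microsoft documentation: a small helper that wraps the acquireTokenByUsernamePassword call and, when it fails with the AADSTS50034 error quoted above, compares the directory named in the error with the tenant segment of the authority URL the MSAL client was built with. The MSAL client is injected (any object exposing acquireTokenByUsernamePassword works), and the tenant IDs in the sample are constructed placeholders.

```javascript
// Added example, not the question's code or Microsoft's. Turns an MSAL
// ServerError shaped like the one in the question (errorCode / errorMessage)
// into a concrete next check. The MSAL client is injected so this runs
// offline; tenant IDs in any sample input are constructed placeholders.

const GUID_RE = /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i;

// Tenant segment of an authority such as https://login.microsoftonline.com/<tenant>
function tenantFromAuthority(authority) {
  const parts = new URL(authority).pathname.split("/").filter(Boolean);
  return parts.length ? parts[0].toLowerCase() : null;
}

// Extract the AADSTS code and the directory (tenant GUID) named in the message.
function parseAadstsError(err) {
  const message = String(err.errorMessage || err.message || "");
  const code = (message.match(/AADSTS(\d+)/) || [])[1] || null;
  const dir = (message.match(GUID_RE) || [])[0] || null;
  return { errorCode: err.errorCode || null, aadsts: code, directory: dir && dir.toLowerCase() };
}

// For AADSTS50034, compare the directory in the error with the tenant the
// authority URL actually targets; other codes are passed through unchanged.
function diagnoseRopcError(err, authority) {
  const parsed = parseAadstsError(err);
  const authorityTenant = tenantFromAuthority(authority);
  const dirName = parsed.directory || "the tenant in the authority";
  let check = "not a 50034 error; inspect the AADSTS code";
  if (parsed.aadsts === "50034") {
    if (!GUID_RE.test(authorityTenant || "")) {
      check = "authority tenant is not a tenant ID; confirm it resolves to " + dirName;
    } else if (parsed.directory && parsed.directory !== authorityTenant) {
      check = "authority tenant " + authorityTenant + " differs from directory " + parsed.directory + " named in the error";
    } else {
      check = "authority tenant matches; confirm the account is a member of " + dirName;
    }
  }
  return { ...parsed, authorityTenant, check };
}

// pca: an MSAL PublicClientApplication, or any stand-in exposing the same method.
async function acquireRopcToken(pca, authority, request) {
  try {
    return { ok: true, result: await pca.acquireTokenByUsernamePassword(request) };
  } catch (err) {
    return { ok: false, diagnosis: diagnoseRopcError(err, authority) };
  }
}
```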

1 answer

  James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2024-07-15T19:36:40.6133333+00:00

    Hi @Michael Dratch (US) , can you please try these troubleshooting steps for me?

    1. Make sure you're using the correct username and password for the user account. Double-check that the username and password are correct and that there are no typos or other errors.
    2. Check that the user account is in the correct directory. Make sure that the user account is in the same directory that is associated with the Azure AD tenant you're using for authentication. You can check this by logging into the Azure portal and navigating to the Azure AD tenant, then checking the list of users to see if the user account is present.
    3. Verify that the user account is enabled for sign-in. Make sure that the user account is enabled for sign-in to the Azure AD tenant. You can check this by logging into the Azure portal and navigating to the Azure AD tenant, then checking the list of users to see if the user account is enabled for sign-in.
    4. Check the permissions for the application registration. Make sure that the application registration in Azure AD has the necessary permissions to authenticate users. You can check this by logging into the Azure portal and navigating to the application registration, then checking the list of permissions to see if the necessary permissions are present.

    Also, please review the following threads and let me know your results:

    Best,

    James

