![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 88%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,443 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Thank you for posting this in Microsoft Q&A.
As I understand when user tries to login to application configured in your tenant, they are getting error AADSTS500014
This can be caused when the underlying Service Principal used as the app identity of the cited resource might be disabled.
You can have an AAD/Global Admin run the following from an AzureAd PowerShell window.
- Open Windows PowerShell as administrator.
- Run command “Install-Module azuread”.
- Once installed you can run command “Connect-AzureAD” and enter user credentials once it asks for.
- Now run comment "Set-AzureADServicePrincipal -ObjectId <Service Principal Object Id> -AccountEnabled $true".
Apart from this you can also check if this application is enabled for user sign-in.
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.