User account does not exist in tenant 'Default Directory'

Anonymous
2023-04-15T09:03:27.63+00:00

Hello, I am trying to build a web application with Next.js and NextAuth, therefore I created an app registration on my personal MS account. I am using the AzureADProvider, but I get the following error message on https://login.microsoftonline.com/<My project GUID>/login after I entered the credentials of my school email.

AADSTS50020: User account '<My schools email>' from identity provider 'https://sts.windows.net/<School GUID I guess>/' does not exist in tenant 'Default Directory' and cannot access the application '<My app registration>'(<Project name>) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

The goal is to be able to log in with my account, as well as those of all the other students at our school, so there does not need to be a separate registration, only students can log in, and the teachers can identify the students by their mail (because most of them would register with crappy mails and usernames :/ ).


1 answer

    Marilee Turscak-MSFT, Microsoft Employee
    2023-04-18T20:28:54.9566667+00:00

    Hi @Anonymous ,

    Based on your description it sounds like you are using a personal account but may not have set up the application to support personal accounts. First, ensure that your user account is added as an external user in the Azure AD tenant. Then, follow these steps to ensure that the app is set up to support your account type:

    1. In the Azure portal, search for and select App registrations.
    2. Select the name of your app registration.
    3. In the sidebar, select Manifest.
    4. In the JSON code, find the signInAudience setting.
    5. Check whether the setting contains one of the following values:
      • AzureADandPersonalMicrosoftAccount
      • AzureADMultipleOrgs
      • PersonalMicrosoftAccount
    6. If the signInAudience setting doesn't contain one of these values, re-create the app registration with the correct account type selected. You currently can't change signInAudience in the manifest.

    Also, please verify that you are using the correct endpoint and sign-on URL.

    Your authentication call must target a URL that matches your selection if your app registration's supported account type was set to one of the following values:

    • Accounts in any organizational directory (Any Azure AD directory - Multitenant)
    • Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
    • Personal Microsoft accounts only

    The sign-on URL for multi-tenant and personal accounts is this one: https://login.microsoftonline.com/common

    If your guest user account was added to the tenant and the settings for the app registration are aligned, I recommend reviewing the troubleshooting steps in Error AADSTS50020 - User account from identity provider does not exist in tenant to further diagnose the issue. If you tried all of the steps in the troubleshooting guide and still face this issue, please provide some screenshots of your app registration settings and tenant settings, and let me know whether this is happening for all accounts or just yours.

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar issues.
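The following is an added example, not code from the question, the answer or NextAuth: it models the tenant-segment and signInAudience checks behind AADSTS50020, so the three fixes the answer names (invite the account as a guest, use a multi-tenant signInAudience, sign in via /common) can each be checked against the question's scenario before touching the Azure portal. The tenant IDs, e-mail addresses, environment variable names and the function names evaluateSignIn and azureAdOptions are constructed for the example.

```javascript
// Added example (not from the question, the answer or NextAuth). All tenant IDs,
// e-mails and env names below are constructed. Node.js, no dependencies.
const WELL_KNOWN = new Set(["common", "organizations", "consumers"]);

// Account types admitted by each manifest signInAudience value.
const AUDIENCE = {
  AzureADMyOrg:                       { orgs: "home", personal: false }, // single tenant (portal default)
  AzureADMultipleOrgs:                { orgs: "any",  personal: false },
  AzureADandPersonalMicrosoftAccount: { orgs: "any",  personal: true  },
  PersonalMicrosoftAccount:           { orgs: "none", personal: true  },
};

// app: { homeTenantId, signInAudience, guests: Set<email> } where guests are the
// accounts invited as external users; segment: the tenant part of the login URL;
// user: { email, homeTenantId } with homeTenantId null for a personal account.
function evaluateSignIn(app, segment, user) {
  const aud = AUDIENCE[app.signInAudience];
  if (!aud) return { ok: false, reason: `unknown signInAudience ${app.signInAudience}` };
  const personal = user.homeTenantId === null;
  const guest = app.guests.has(user.email.toLowerCase());
  const member = user.homeTenantId === app.homeTenantId;

  if (!WELL_KNOWN.has(segment)) {
    // A specific tenant in the URL: only its members and invited guests exist there.
    if (segment !== app.homeTenantId) return { ok: false, reason: "URL names a tenant the app is not registered in" };
    if (member || guest) return { ok: true, reason: guest ? "guest in tenant" : "member of tenant" };
    return { ok: false, reason: "AADSTS50020: account does not exist in tenant; invite it as a guest or use /common" };
  }
  if (segment === "consumers" && !personal) return { ok: false, reason: "/consumers takes personal accounts only" };
  if (segment === "organizations" && personal) return { ok: false, reason: "/organizations takes work/school accounts only" };
  if (aud.orgs === "home") return { ok: false, reason: "single-tenant app: the URL must name its own tenant" };
  if (personal) return aud.personal ? { ok: true, reason: "personal account admitted" }
                                    : { ok: false, reason: "signInAudience excludes personal accounts" };
  return aud.orgs === "any" ? { ok: true, reason: "work/school account from any tenant admitted" }
                            : { ok: false, reason: "signInAudience is personal accounts only" };
}

// AzureADProvider options: tenantId is the segment above ("common" is NextAuth's
// default when it is omitted), which yields the answer's multi-tenant sign-on URL.
function azureAdOptions(env, segment = "common") {
  return { clientId: env.AZURE_AD_CLIENT_ID, clientSecret: env.AZURE_AD_CLIENT_SECRET, tenantId: segment };
}

// Constructed scenario from the question: single-tenant app, student from another tenant.
const SCHOOL = "22222222-2222-2222-2222-222222222222";
const app = { homeTenantId: "11111111-1111-1111-1111-111111111111", signInAudience: "AzureADMyOrg", guests: new Set() };
const student = { email: "student@school.example", homeTenantId: SCHOOL };
console.log(evaluateSignIn(app, app.homeTenantId, student).reason); // AADSTS50020: ...
console.log(evaluateSignIn({ ...app, signInAudience: "AzureADMultipleOrgs" }, "common", student).ok); // true
```

Note that a multi-tenant signInAudience alone is not enough: as long as NextAuth is given the tenant GUID as tenantId, students from the school tenant still hit AADSTS50020, which is why the answer pairs the manifest check with the /common sign-on URL.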