You may want to try Azure B2C, as “social” accounts are used with AAD, that is more a B2B or AAD to AAD. I would use B2C to segment out these types of accounts.
Can't login to AAD Application with oAuth2: Personal Microsoft accounts are not supported for this application
Hi, I'm trying to log in a user to my AAD Application via OAuth2. But I'm getting the following error:
Request Id: 818c8dfa-22fd-4e00-93f1-16e6d8142a00
Correlation Id: dc0539ce-d422-4933-b813-036dfcf50c48
Timestamp: 2023-05-10T09:57:44Z
Message: AADSTS500200: User account '****@****.net' is a personal Microsoft account. Personal Microsoft accounts are not supported for this application unless explicitly invited to an organization. Try signing out and signing back in with an organizational account.
The goal is to impersonate the user and make requests to https://graph.microsoft.com on the user's behalf with delegated permissions. As far as I understand, a guest invitation to the application is not needed, is it? What do I need to change to allow any personal account to log in?
Things I already did:
- Set account types to: "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)"
- Add a publisher domain and link the MPN id to become a verified publisher
- Set the authority to: https://login.microsoftonline.com/common
- Checked "Enabled for users to sign-in" under Enterprise Applications > Properties
- Tried it from an incognito browser to make sure it's not a caching problem
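
A small diagnostic for the two settings listed in the question, as an added example that is not part of the original post or Microsoft's code: it parses the error block shown above and checks the app manifest `signInAudience` value and the authority URL. The function names are hypothetical, and the sample error text is copied from the question.

```python
import re
from urllib.parse import urlparse

# Manifest signInAudience values that admit personal Microsoft accounts.
PERSONAL_AUDIENCES = {"AzureADandPersonalMicrosoftAccount", "PersonalMicrosoftAccount"}
# Authority tenant segments that sign in personal Microsoft accounts directly.
PERSONAL_AUTHORITIES = {"common", "consumers"}

# Error block copied from the question (the account name is masked there too).
SAMPLE_ERROR = """\
Request Id: 818c8dfa-22fd-4e00-93f1-16e6d8142a00
Correlation Id: dc0539ce-d422-4933-b813-036dfcf50c48
Timestamp: 2023-05-10T09:57:44Z
Message: AADSTS500200: User account '****@****.net' is a personal Microsoft account.
"""

def parse_aadsts_error(text):
    """Split a 'Key: value' error block into a dict and extract the AADSTS code."""
    fields = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    match = re.search(r"AADSTS(\d+)", fields.get("Message", ""))
    fields["Code"] = "AADSTS" + match.group(1) if match else None
    return fields

def authority_tenant(authority):
    """Return the tenant segment of an authority URL, lower-cased."""
    path = urlparse(authority).path.strip("/")
    return path.split("/")[0].lower() if path else ""

def check_personal_account_config(sign_in_audience, authority):
    """List the settings that keep a personal account from signing in directly."""
    findings = []
    if sign_in_audience not in PERSONAL_AUDIENCES:
        findings.append(f"signInAudience '{sign_in_audience}' excludes personal accounts")
    tenant = authority_tenant(authority)
    if tenant not in PERSONAL_AUTHORITIES:
        findings.append(f"authority '{tenant}' does not sign in personal accounts directly")
    return findings

if __name__ == "__main__":
    err = parse_aadsts_error(SAMPLE_ERROR)
    print(err["Code"], err["Correlation Id"])
    print(check_personal_account_config(
        "AzureADandPersonalMicrosoftAccount",
        "https://login.microsoftonline.com/common") or "settings admit personal accounts")
```

An empty result means neither of these two settings is what blocks the personal account, so the cause has to be looked for elsewhere, for example in the guest-invitation condition the error message names.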
3 answers
Shweta Mathur 29,681 Reputation points Microsoft Employee
2023-05-11T12:10:51.33+00:00
Hi @Bülent Hacioglu,
Thanks for reaching out.
You need to invite the user as a guest user in your Azure AD tenant to authenticate using OAuth.
If you don't want to invite guest users to your directory, then you can leverage Azure AD B2B or Azure AD B2C, as per your scenario, to authenticate to your application registered in Azure AD.
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b
https://learn.microsoft.com/en-us/azure/active-directory-b2c/overview
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if the answer helped you.
CarlZhao-MSFT 40,311 Reputation points
2023-05-15T09:57:49.29+00:00
Hi @Bülent Hacioglu
Your error may be caused by one of the following reasons; please refer to the corresponding official document for troubleshooting.
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.