Azure AD AADSTS90072 Error

Dean Reid 0 Reputation points
2023-05-18T09:12:16.1833333+00:00

Good morning,

I'm currently assisting in the process of migrating all our users to SSO on our app; however, they are getting the AADSTS90072 error as follows:

AADSTS90072: User account 'firstname.surname@company.com' from identity provider 'live.com' does not exist in tenant '%COMPANY%' and cannot access the application '%APPLICATIONID%'(LastPass Login App) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account 

Out of the 2000+ users we have migrated, only 13 people show this error, so we have confirmed that it isn't anything to do with the provisioning of the apps and it does not appear to be a vendor issue.

However, we can't seem to find a way around this. We have even tried changing the URL mid-load, which was never expected to work in the first place, but at this point, we are trying everything.

I have noticed that when the user goes through the login process, the web URL that it directs them to is login.live.com, whereas the users that work get directed to login.microsoftonline.com.

Our company uses the UPN as the primary login email, and all of our users' UPNs are different from the email address which it's trying to log in as.

Our UPN is: [staffID@companydomain2.com]

whereas our email is [firstname.surname@companydomain1.com]

We have compared each of the affected users' proxy information against that of working users, and they are all using the same proxy. We also checked the SMTP setup and they are all the same for each of them, minus the different names.

Has anyone got any idea what could be causing this?

We have noticed that on 3 of the affected users, it will initially prompt them to sign in using their [firstname.surname@companydomain1.com] email address, but when they put their password in it will tell them it's incorrect, and it doesn't give them the option to change the email they use to log in.

We checked the logs but nothing is showing up, possibly because it's being directed to login.live.com, so it's not actually making it anywhere near the AD tenant.
