Share via

401 - Uh-oh, you do not have access. When trying to join organization

Daniel 0 Reputation points
2023-07-28T13:33:15.5+00:00

I cannot join an organization I was invited to, getting the following Error:
401 - Uh-oh, you do not have access.
Your account, MyEmail.outlook.de is not authorized to view this page. Make sure the URL is correct and your account has access.

The email displayed is the same that has been added to the organization I am trying to join.
The same issue occurs when I try to invite someone to my organization.
When trying to create a support ticket I encountered an error message that looks like it could be related:

The portal is having issues getting an authentication token. The experience rendered may be degraded. Additional information from the call to get a token: Extension: Microsoft_AAD_DXP Resource: identity.diagnostics Details: The logged in user is not authorized to fetch tokens for extension 'Microsoft_AAD_DXP' because the user account is not a member of tenant 'tenant ID'. Error details: AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application 'Application ID'(ADIbizaUX) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

**I did not setup any Azure Active Directory or organization policies. It is, by all accounts a fresh Azure Account with vanilla settings.
Things I tried to fix:
Resend Invite
Set all permissions to Administrator for joining user
Wait (72h) for user to be added to organization
Logging in with invited account in an private browsing window and also a fresh browser

If anyone has the same issue or has an idea on how I could fix it it would be very much appreciated.
Thanks in advance!**

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,279 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Akshay-MSFT 17,931 Reputation points Microsoft Employee
    2023-08-01T08:53:40.01+00:00

    @Daniel

    Thank you for posting your query on Microsoft Q&A. From above description I could understand that you are getting 401 - Uh-oh, you do not have access, while trying to access an application in Azure AD with you guest account invited via B2B collaboration.

    Please do correct me if this is not the case by responding in the comments section.

    I tried to repro similar behavior in my tenant but was able to signup with guest account without any issues. Could you please validate the following:

    • You are accessing only the invitation link and not the portal as could only access application mentioned in the invitation URL

    User's image

    • If Users can use preview features for My Apps is set for all.

    User's image

    • If your email address contains any plus (+ ) symbols or if invite was sent to a group email. Azure AD doesn’t currently support plus symbols in email addresses.
    • Guest user access restrictions are inclusive.

    User's image

    Please do let me know if you face issues after validating the above.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.