Unable to access one of our B2C tenants from main Domain, error AADSTS500213: The resource tenant's cross-tenant access policy does not allow this user to access this tenant.

Question

Unable to access one of our B2C Tenancy Directories + Subscriptions from our Master Azure Domain home.

All staff at present get the error below:

Access is Blocked by the Organisation.

Message: AADSTS500213: The resource tenant's cross-tenant access policy does not allow this user to access this tenant.

We have done a health check and it confirms no changes made in the last 72 Hours.
We were successfully accessing this yesterday 01/08/2023.

Any help/advice gratefully appreciated.

Answer 1

Hi @Anonymous ,

Your error code indicates that you are trying to use the Azure AD endpoint (likely the one from your B2C tenant). It sounds like they may be getting redirect to the wrong tenant, which you should be able to verify in your browser logs when signing in. See related: https://stackoverflow.com/questions/68868643/getting-error-aadst50013-for-obo-flow-using-azure-ad-b2c-on-net-core-3-1

Otherwise if this is a tenant you could previously access and you believe someone changed the cross-tenant access settings, you may be able to update the cross-tenant access settings by logging in via admin.microsoft.com.

If you believe that your scenario is different, feel free to send me an email at AzCommunity@microsoft.com ("Attn: Marilee Turscak") and include your subscription ID and a link to this thread, and I will help troubleshoot.

If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions.