How to Fix identity provider 'live.com' does not exist in tenant 'Default Directory'

Huzaifa Saleem 10 Reputation points
2023-08-07T11:18:59.7+00:00

Troubleshooting details

If you contact your administrator, send this info to them.

Request Id: d66b11d9-e35f-4dea-9e32-9ce238e41000

Correlation Id: 469f11b6-e7f0-4154-a7f5-d5347bd1df83

Timestamp: 2023-08-07T10:44:23Z

Message: AADSTS50020: User account '******@outlook.com' from identity provider 'live.com' does not exist in tenant 'Default Directory' and cannot access the application '05b21c4c-79f6-489d-a727-5ac1bf3b6a7b'(abc) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Flag sign-in errors for review:

If you plan on getting help for this problem, enable flagging and try to reproduce the error within 20 minutes. Flagged events make diagnostics available and are raised to admin attention.

I am trying to add login with Microsoft in my Next.js app with next-auth but am getting this error. Please help.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-08-08T06:47:10.55+00:00

    Hi @Huzaifa Saleem ,

    Thanks for reaching out.

    The error AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant usually occurs when you sign in to Azure Portal using your personal account which is not added as an external/guest user to an Azure AD/Microsoft Entra tenant.

    Since you are connected to the tenant as a standard user with restricted access, you cannot perform actions such as creating new users, groups, enterprise applications, and so on. To perform administrative actions, you must have administrative access to the tenant.

    For this purpose, you need to create your own tenant. When you create a new tenant, you by default become the Global Administrator of the new tenant and have full access to all the options in that tenant.

    To create a new tenant, open an InPrivate/incognito browser window (just to avoid SSO) and access https://azure.microsoft.com/en-us/free/ to create a free Azure account.

    Once the new account is created, you should be able to see and switch to the new tenant by clicking on the settings icon as highlighted below:

    [Image: 174999-image.png]

    Alternatively, you can ask the global administrator of any existing Azure AD/Microsoft Entra tenant to invite you as a guest user as mentioned here: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator#add-guest-users-to-the-directory. Once you are added to an Entra tenant and you accept the invite sent to you via email, you can use the https://portal.azure.com/#create/Microsoft.AzureActiveDirectory URL to create your own tenant as well.

    Note: Since your question contains personal information, I have redacted your email address to address GDPR-related concerns.

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.

    4 people found this answer helpful.
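
The troubleshooting block quoted in the question, parsed into fields an administrator can use when reviewing the failed sign-in. This is an added example, not code from the thread or from next-auth; the function name and output field names are assumptions for illustration, and the patterns cover only the message shape shown on this page.

```javascript
// Added example: parse the "Troubleshooting details" text of an AADSTS50020
// error into a record. Function and field names are hypothetical.
const FIELD = /^(Request Id|Correlation Id|Timestamp|Message):\s*(.*)$/;
const MESSAGE = new RegExp(
  "^(AADSTS\\d+): User account '([^']*)' from identity provider '([^']*)' " +
  "does not exist in tenant '([^']*)' and cannot access the application " +
  "'([^']*)'(?:\\(([^)]*)\\))?"
);

function parseTroubleshootingDetails(text) {
  const raw = {};
  for (const line of text.split(/\r?\n/)) {
    const m = FIELD.exec(line.trim());
    // Keep the first copy of each field if the block was pasted twice.
    if (m && !(m[1] in raw)) raw[m[1]] = m[2].trim();
  }
  const msg = MESSAGE.exec(raw["Message"] || "");
  if (!msg) return null; // not the message shape shown on this page
  const [, code, account, identityProvider, tenant, appId, appName] = msg;
  return {
    requestId: raw["Request Id"] || null,
    correlationId: raw["Correlation Id"] || null,
    timestamp: raw["Timestamp"] || null,
    code, account, identityProvider, tenant, appId,
    appName: appName || null,
    // live.com is the identity provider for personal Microsoft accounts.
    personalAccount: identityProvider === "live.com",
    // The message itself says the account must first be added as an external user.
    needsGuestInvite: code === "AADSTS50020",
  };
}

// Sample input: the error text quoted in the question on this page.
const SAMPLE = `Request Id: d66b11d9-e35f-4dea-9e32-9ce238e41000
Correlation Id: 469f11b6-e7f0-4154-a7f5-d5347bd1df83
Timestamp: 2023-08-07T10:44:23Z
Message: AADSTS50020: User account '******@outlook.com' from identity provider 'live.com' does not exist in tenant 'Default Directory' and cannot access the application '05b21c4c-79f6-489d-a727-5ac1bf3b6a7b'(abc) in that tenant. The account needs to be added as an external user in the tenant first.`;

console.log(parseTroubleshootingDetails(SAMPLE));
```

The request ID, correlation ID and timestamp are the values the error page asks the user to send to their administrator.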
