How to fix Details: The logged in user is not authorized to fetch tokens ... because the user account is not a member of tenant

Gre 0 Reputation points
2023-08-14T17:27:11.5766667+00:00

Good Morning,

I need to open a support ticket, and I am trying to connect to Azure with one of my old accounts (the only way to contact them).

When I try to open a new support ticket I obtain the following message:

{
  "sessionId": "65d6befa4f134687afd650673740151e",
  "errors": [
    {
      "errorMessage": "interaction_required: AADSTS16000: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '4ba4d253-8ed1-42a1-b919-37fad5e5f06e'(Microsoft_AAD_GTM) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
Trace ID: 15f1b339-1455-49e3-a372-ce713ebc7500
Correlation ID: 3a056711-f910-484b-b449-08be26d7db1f
Timestamp: 2023-08-14 17:23:25Z",
      "clientId": "4ba4d253-8ed1-42a1-b919-37fad5e5f06e",
      "scopes": [
        "https://signup.azure.com//.default"
      ]
    }
  ]
}

I also tried to create a new account and I obtained the same error.

I tried to follow some other discussions and I don't see anything inside app registration or in Portal settings | Directories + subscriptions.

How can I solve this?

Thanks


3 answers

  1. Dr. S. Gomathi 670 Reputation points MVP
    2023-08-15T04:39:04.8066667+00:00

    Hi Gre,

    The error message suggests that the account you're using doesn't exist in the specific Azure tenant, and that's causing the problem.

    Here's what you can do to try and fix this:

    Check Email: Make sure you're typing in the correct email associated with your old Azure account. Small typos can cause big issues.

    Sign Out and Back In: Sometimes, signing out of your account and then signing back in can help refresh things and might solve the issue.

    Verify Your Account: Check your email for any messages from Azure that might need your verification. Some actions require you to verify your identity.

    Add Your Account to the Tenant: The error message talks about adding your account as an external user in the tenant. If you're using a Microsoft (live.com) account, you might need to somehow link it with the Azure Active Directory of the specific Azure account.

    Check Application Settings: While you mentioned looking into the app registration, it's worth confirming that the application with the ID mentioned in the error message is set up properly in the Azure portal.

    Try Another Account: If nothing works, you might need to use a different account to contact Azure support. You can even create a new account if needed. They should be able to guide you through the issue.

    Give Detailed Info: When you contact Azure support, make sure to provide them with all the details from the error message. This will help them understand the problem better and provide the right solution.

    Remember, sometimes these issues can be a bit tricky, so don't hesitate to reach out to Azure support for help. They have the expertise to sort things out.

    Please try and let me know if any of this helped you to solve the issue.

    Have a great day ahead.


  2. JamesTran-MSFT 36,606 Reputation points Microsoft Employee
    2023-08-25T22:28:18.02+00:00

    @Gre

    Thank you for your post and I apologize for the delayed response!

    Error:
    AADSTS16000: User account 'user@domain.com' from identity provider {IdentityProviderURL} does not exist in tenant...

    I understand that you're trying to open a Support Request but when you try to log in to the Azure Portal with your old account, you're running into the above error message. To hopefully help point you in the right direction or resolve your issue, I'll share my findings below.


    Findings:

    When looking into the Correlation ID that you shared within your error message, it looks like you received the AADSTS16000 error code but the AADSTS50020 error message ("User account from identity provider does not exist in tenant").

    Since it looks like you're trying to log in to the Microsoft Azure Signup Portal, please ensure that you're logging in to the correct Azure tenant. You can do this by:

    • Using a private browsing session to log in to the Azure Portal.
    • If you know the Azure tenant name, you can navigate to it using - https://portal.azure.com/DomainName

    If your user isn't associated with an Azure tenant, can you share why you need to create a Support Request? If you're locked out of your Azure tenant, I'd recommend reaching out to our Global Customer Service team, or you can contact the Azure Data Protection team for further assistance - (866-807-5850).

    For future reference, I'd also recommend creating and managing an emergency access account in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.


    Additional Links:

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

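The error payload in the question already carries the identifiers the answers above ask for when contacting support (error code, tenant, application, trace and correlation IDs). As an added example that is not part of any post in this thread, the Python function below extracts them from the payload exactly as it was pasted; `summarize_signin_errors` and the output field names are made up for the illustration.

```python
import json
import re
# Error payload copied from the question above (the account is already redacted there).
# The pasted errorMessage string contains raw line breaks, which strict JSON forbids.
SAMPLE = r"""{
  "sessionId": "65d6befa4f134687afd650673740151e",
  "errors": [
    {
      "errorMessage": "interaction_required: AADSTS16000: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '4ba4d253-8ed1-42a1-b919-37fad5e5f06e'(Microsoft_AAD_GTM) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
Trace ID: 15f1b339-1455-49e3-a372-ce713ebc7500
Correlation ID: 3a056711-f910-484b-b449-08be26d7db1f
Timestamp: 2023-08-14 17:23:25Z",
      "clientId": "4ba4d253-8ed1-42a1-b919-37fad5e5f06e",
      "scopes": ["https://signup.azure.com//.default"]
    }
  ]
}"""

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
FIELDS = {
    "code": r"\b(AADSTS\d+)\b",
    "identity_provider": r"identity provider '([^']*)'",
    "tenant": r"in tenant '([^']*)'",
    "application_id": rf"application '({GUID})'",
    "application_name": rf"application '{GUID}'\(([^)]*)\)",
    "trace_id": rf"Trace ID:\s*({GUID})",
    "correlation_id": rf"Correlation ID:\s*({GUID})",
    "timestamp": r"Timestamp:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}Z)",
}

def summarize_signin_errors(payload_text):
    """Return one dict per error with the identifiers worth quoting to support."""
    payload = json.loads(payload_text, strict=False)  # tolerate raw newlines in strings
    summaries = []
    for err in payload.get("errors", []):
        message = err.get("errorMessage", "")
        summary = {"session_id": payload.get("sessionId"),
                   "client_id": err.get("clientId"), "scopes": err.get("scopes", [])}
        for name, pattern in FIELDS.items():
            match = re.search(pattern, message)
            summary[name] = match.group(1) if match else None  # None = not in message
        # The message names the app by ID; it should agree with the clientId field.
        summary["app_matches_client"] = summary["application_id"] == summary["client_id"]
        summaries.append(summary)
    return summaries

if __name__ == "__main__":
    print(json.dumps(summarize_signin_errors(SAMPLE), indent=2))
```

The `identity_provider` and `tenant` fields are the two to read first: here they show a `live.com` account being evaluated against the 'Microsoft Services' tenant, which is the mismatch the error text describes.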

  3. Gre 0 Reputation points
    2023-09-07T19:10:41.1233333+00:00

    I already tried to sign in with the browser's anonymous mode and with a different browser, without any result.

    This is my problem.

    In 2018, I had a university email with the associated card for invoices. I haven't used this account since and haven't consumed anything.

    From 2022 I started receiving invoices in the secondary email. I can't log in to this account because the account has been deactivated by the university.

    The university has done some checks and the technicians say that this account has no longer existed on the Azure profile for some time.

    How can I stop this?

    I have attached both the e-mail content and the list of received e-mails.

    Thanks

