This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
I have MS Entra External ID preview tenant created. However, I noticed that I cannot authenticate successfully with the local account. Below I provide more details. I would be grateful for help/hints.
Describe the bug
When I try to login with corporate account or standard customer account (for instance using email from minutemailbox) I have below error displayed after authentication is completed:
There was an error trying to log you in: 'AADSTS500208: The domain is not a valid login domain for the account type.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
User should be authenticated successfully and tokens should be issued to the application.
My test tenant ID: 17444b8d-b055-4b48-8797-2c12f5b9b416
Few weeks ago I was able to successfully authenticate.
Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 33%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
EDIT: Oops, I see now there were comments on the answers below that I had missed that cover most of what I put here, but I'll leave it anyway in case there's anything useful
I'm having the same issue as the OP. The demo that sends you to jwt.ms appears to work, but when using it in my SPA using the MSAL library, I receive the AADSTS500208 error. Here are a few things I've tried and their results:
Environment Setup:
Using login.microsoftonline.com/{tenantId}, I am only able to log in with accounts that have the Global Administrator role. I tried signing in with invited AD accounts (guest and member), local, and social accounts. If the user does not have the role, it returns the originally mentioned error: "AADSTS500208: The domain is not a valid login domain for the account type."
Using {tenantName}.ciamlogin.com, I was unable to test the roles because it didn't prompt for AD accounts, so I tried this with local users and it gets a different error: "AADSTS500207: The account type can't be used for the resource you're trying to access."
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 41%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWW%3C/text%3E%3C/svg%3E)
Any fix for this???
come on, the solution is useless without fixing signing up.
I'm guessing it had something to do with the "SAML request" sent by the application, it must use https://*.ciamlogin.com, but that doesn't make sense as the ciam solution should respond to any SAML request".
Do you have any updates about this issue? I think that seeing so many people with similar issue it would be good to have official update from Microsoft with the status of the issue and resolution.
Please let me know.
Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 28.000000000000004%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Hi @Daniel Krzyczkowski , I am commenting to follow-up on this same issue. I have a task that requires me to perform multi-tenant authentication and it's failing, if you have gotten any positive resource/s for this issue, please share.