This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 51%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
When attempting to sign in to the application using personal accounts (such as Outlook or Xbox), we have encountered the following error message:
"Selected user account does not exist in tenant 'smartqed.com' and cannot access the application '8a84642a-0168-48f7-87c3-1255d6502fc2' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account."
We have noted that a similar application, registered with a non-verified sandbox Azure Domain "onmicrosoft.com,", which we used to test our application throughout the development is functioning correctly and redirecting the user to the consent page. Both applications share identical configurations and permissions.
This issue happened after we migrated our application to our organizational domain directory which has a verified domain.
URLs we use:
https://login.microsoftonline.com/common/login/oauth2/code/azure
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=8a84642a-0168-48f7-87c3-1255d6502fc2&response_mode=form_post&response_type=code&scope=openid%20offline_access%20profile%20https://graph.microsoft.com/User.Read&state=7PmXPyc8Blx_NoE3qKyheyY3rw8-C-edhp-FKPoYtEI%3D&redirect_uri=https://a568-103-121-26-217.ngrok-free.app/login/oauth2/code/azure&prompt=consent&nonce=t-FojwOIUVmy0JUuri7v7ec0WIVZDGAV20F9L6j4ipw
Hi @Karthik
Please go to Azure AD and check if your app is already registered as: Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
Hi @CarlZhao-MSFT
Application is already registered as : Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).
Hi @Karthik
I just did a quick test locally and it worked fine for me. Can you switch to the privacy window and run the following login URL to try logging in again?
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id={client id}
&response_type=code
&redirect_uri={redirect url}
&response_mode=query
&scope=openid%20offline_access%20profile%20https://graph.microsoft.com/User.Read
&state=12345
Hi @CarlZhao-MSFT
Once the login redirected to https://login.microsoftonline.com/common/login/oauth2/code/azure
It's blocking from the account selection page, but in the case of the application which is registered in a directory which has doomain 'onmicrosoft.com' it is redirecting user to the consent page, both working on same code and same configuration