The account needs to be added as an external user in the tenant first

Noor Ul Qamar 0 Reputation points

Troubleshooting details

If you contact your administrator, send this info to them.

Copy info to clipboard

Request Id: e3870c5f-a72e-4df9-ad08-de89d9f44500

Correlation Id: 105d98fd-fa65-4f7a-94c3-ad03ce58fa33

Timestamp: 2023-09-17T05:31:09Z

Message: AADSTS90072: User account '' from identity provider '' does not exist in tenant 'MSFT' and cannot access the application '0000000c-0000-0000-c000-000000000000'(Microsoft App Access Panel) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account

Flag sign-in errors for review: Enable flagging

If you plan on getting help for this problem, enable flagging and try to reproduce the error within 20 minutes. Flagged events make diagnostics available and are raised to admin attention.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
16,543 questions
Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
3,955 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Shweta Mathur 19,626 Reputation points Microsoft Employee

    Hi @Noor Ul Qamar

    Thanks for reaching out.

    This error indicates that the external account that the user signs in with doesn't exist on the tenant that they signed into; so, the user can't satisfy the MFA requirements for the tenant. This error also might occur if the users are synced, but there is a mismatch in the ImmutableID (sourceAnchor) attribute between Active Directory and Azure AD. The account must be added as an external user in the tenant first. Sign out and sign in with a different Azure AD user account.

    As @Brian Zarb mentioned, you can ask the global administrator or any existing Azure AD tenant to invite you as a guest user as mentioned here: Once you are added to an azure tenant and you accept the invite sent to you via email, you can use URL to create your own tenant as well.

    Hope this will help.



    Please remember to "Accept Answer" if answer helped you.