The account needs to be added as an external user in the tenant first

Noor Ul Qamar 0 Reputation points
2023-09-17T05:43:55.4366667+00:00

Troubleshooting details

If you contact your administrator, send this info to them.

Request Id: e3870c5f-a72e-4df9-ad08-de89d9f44500

Correlation Id: 105d98fd-fa65-4f7a-94c3-ad03ce58fa33

Timestamp: 2023-09-17T05:31:09Z

Message: AADSTS90072: User account 'admin@noorulqamar.com' from identity provider 'https://sts.windows.net/0925e28c-afd1-4484-9539-16d745b1ae85/' does not exist in tenant 'MSFT' and cannot access the application '0000000c-0000-0000-c000-000000000000'(Microsoft App Access Panel) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account

Flag sign-in errors for review: Enable flagging

If you plan on getting help for this problem, enable flagging and try to reproduce the error within 20 minutes. Flagged events make diagnostics available and are raised to admin attention.

Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Shweta Mathur 29,746 Reputation points Microsoft Employee
    2023-09-18T07:37:35.4533333+00:00

    Hi @Noor Ul Qamar

    Thanks for reaching out.

    This error indicates that the external account that the user signs in with doesn't exist on the tenant that they signed into; so, the user can't satisfy the MFA requirements for the tenant. This error also might occur if the users are synced, but there is a mismatch in the ImmutableID (sourceAnchor) attribute between Active Directory and Azure AD. The account must be added as an external user in the tenant first. Sign out and sign in with a different Azure AD user account.

    As @Brian Zarb mentioned, you can ask the global administrator of any existing Azure AD tenant to invite you as a guest user as mentioned here: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator#add-guest-users-to-the-directory. Once you are added to an Azure tenant and you accept the invite sent to you via email, you can use the https://portal.azure.com/#create/Microsoft.AzureActiveDirectory URL to create your own tenant as well.

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if the answer helped you.
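
An added example, not part of the answer above and not Microsoft code: a small parser for a pasted AADSTS90072 troubleshooting block that pulls out the fields an administrator needs to find the sign-in event and then picks between the causes the answer lists. The names `parse_aadsts90072`, `next_step`, `intended_tenant` and `synced_accounts` are hypothetical, and the message layout is assumed to match the block quoted in the question.

```python
import re

# Troubleshooting block copied from the question above (message cut after the parsed part).
SAMPLE = """Request Id: e3870c5f-a72e-4df9-ad08-de89d9f44500
Correlation Id: 105d98fd-fa65-4f7a-94c3-ad03ce58fa33
Timestamp: 2023-09-17T05:31:09Z
Message: AADSTS90072: User account 'admin@noorulqamar.com' from identity provider 'https://sts.windows.net/0925e28c-afd1-4484-9539-16d745b1ae85/' does not exist in tenant 'MSFT' and cannot access the application '0000000c-0000-0000-c000-000000000000'(Microsoft App Access Panel) in that tenant.
"""

FIELD = re.compile(r"^\s*(Request Id|Correlation Id|Timestamp|Message):\s*(.+)$", re.M)
ERR = re.compile(
    r"AADSTS90072: User account '(?P<account>[^']+)' from identity provider "
    r"'(?P<idp>[^']+)' does not exist in tenant '(?P<tenant>[^']+)' and cannot "
    r"access the application '(?P<app_id>[^']+)'\((?P<app_name>[^)]*)\)")
STS = re.compile(r"https://sts\.windows\.net/([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})/?$", re.I)


def parse_aadsts90072(text):
    """Return the fields an admin needs from a pasted error block, or None."""
    fields = {k.lower().replace(" ", "_"): v.strip() for k, v in FIELD.findall(text)}
    m = ERR.search(fields.get("message", ""))
    if m is None:
        return None  # not an AADSTS90072 message
    info = m.groupdict()
    sts = STS.match(info["idp"])
    # Only an sts.windows.net issuer URL carries the account's home tenant GUID.
    info["home_tenant_id"] = sts.group(1).lower() if sts else None
    for key in ("request_id", "correlation_id", "timestamp"):
        info[key] = fields.get(key)  # used to look the event up in the sign-in logs
    return info


def next_step(info, intended_tenant, synced_accounts=frozenset()):
    """Map the parsed error to the remedies named in the answer above.

    intended_tenant and synced_accounts are hypothetical inputs supplied by
    the admin: the tenant the user meant to reach, and the accounts that are
    synced from on-premises Active Directory.
    """
    if info["tenant"].lower() != intended_tenant.lower():
        return "wrong-tenant: sign out and sign in again with a different account"
    if info["account"].lower() in synced_accounts:
        return "synced-user: compare ImmutableID (sourceAnchor) between AD and Azure AD"
    return "not-in-tenant: invite the account as an external (guest) user"
```

The correlation ID and timestamp returned by the parser are the values to search for in the tenant's sign-in logs before deciding whether a guest invitation is appropriate.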

