AADSTS50020: User account 'email@.com' from identity provider 'live.com' does not exist in tenant 'Behaviour Interactive Inc.'

Jungho Ham 10 Reputation points
2023-10-14T15:01:36.2733333+00:00

Literally AADSTS50020: User account 'email@.com' from identity provider 'live.com' does not exist in tenant 'Behaviour Interactive Inc.' and cannot access the application 'urn:amazon:cognito:sp:us-east-1_4sgPWILBE'(DevOps_BHVRAccount_CloudFront_Dev) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. I get the following error

Request Id: 5f441dd5-53fc-45ab-9f72-58185c856300

Correlation Id: b7afa7ef-9539-43bd-a8bb-1300304e6be0

Timestamp: 2023-10-14T14:54:14Z

Message: AADSTS50020: User account 'email@.com' from identity provider 'live.com' does not exist in tenant 'Behaviour Interactive Inc.' and cannot access the application 'urn:amazon:cognito:sp:us-east-1_4sgPWILBE'(DevOps_BHVRAccount_CloudFront_Dev) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

error.

I've also flagged the sign-in error for your review.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Akshay-MSFT 17,931 Reputation points Microsoft Employee
    2023-10-16T07:44:38.3066667+00:00

    @Jungho Ham

    Thank you for posting your query on Microsoft Q&A. From the above description, it seems like the user is getting an error while trying to log in to the tenant or application with a personal account.

    Please do correct me by responding in the comments section.

    To resolve the error, kindly refer to the doc below for a similar issue and TSG:

    Error AADSTS50020 - User account from identity provider does not exist in tenant

    If this does not work then please validate the following:

    • See if you are logging on to the correct directory in your tenant:

    • External collaboration settings:
    1. Sign in to the Azure portal with Global Administrator permissions.
    2. Browse to Azure Active Directory > User settings.
    3. Under External users, select Manage external collaboration settings.
    4. On the External collaboration settings page, select the "Guest user access is restricted to properties and memberships of their own directory objects" option.

    • If you are an administrator, you can also try to dismiss the user risk after ensuring that the risk assessment was a false positive.

    Update 2:

    Seems like you were using a free version of Azure AD/Entra ID. Since Azure AD is now Microsoft Entra ID,

    The free edition of Microsoft Entra ID is included with a subscription of a commercial online service such as Azure, Dynamics 365, Intune, Power Platform, and others.

    So either you may get one of the above-mentioned subscriptions or you need a P1 or P2 subscription: https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id#:~:text=The%20free%20edition%20of%20Microsoft,%2C%20Power%20Platform%2C%20and%20others.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.
