AADSTS50020: User account '@gmail.com' from identity provider 'live.com' does not exist in tenant 'Behaviour Interactive Inc.'

Oppa Oppa 10 Reputation points

Request Id: 8829403c-ffea-4670-bf7d-e35d1bf3f800

Correlation Id: 7e6e9ca2-c185-439a-9f98-7abf4d9b1135

Timestamp: 2023-10-15T06:02:21Z

Message: AADSTS50020: User account '@gmail.com' from identity provider 'live.com' does not exist in tenant 'Behaviour Interactive Inc.' and cannot access the application 'urn:amazon:cognito:sp:us-east-1_4sgPWILBE'(DevOps_BHVRAccount_CloudFront_Dev) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Microsoft Entra

1 answer

  1. Sandeep G-MSFT 14,836 Reputation points Microsoft Employee

    @Oppa Oppa

    Thanks for posting your question in Microsoft Q&A.

    The error AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' usually occurs when you sign in to Azure Portal using your personal account which is not added as an external/guest user to an Azure AD tenant. Due to this, you by default get connected to the Microsoft Services tenant. You can confirm this by navigating to Azure Active Directory > Overview blade and you can see f8cdef31-a31e-4b4a-93e4-5f571e91255a as Tenant ID.

    Since you are connected to the Microsoft Services tenant as a standard user with restricted access, you cannot perform actions such as creating new users, groups, enterprise applications, and so on. To perform administrative actions, you must have administrative access to the tenant.

    For this purpose, you need to create your own tenant rather than using the Microsoft Services (f8cdef31-a31e-4b4a-93e4-5f571e91255a) tenant. When you create a new tenant, you by default become the Global Administrator of the new tenant and have full access to all the options in that tenant.

    To create a new tenant, open an InPrivate/incognito browser window (just to avoid SSO) and access https://azure.microsoft.com/en-us/free/ to create a free Azure account.

    Once the new account is created, you should be able to see and switch to the new tenant by clicking on the settings icon as highlighted below:


    Alternatively, you can ask the global administrator of any existing Azure AD tenant to invite you as a guest user as mentioned here: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator#add-guest-users-to-the-directory. Once you are added to an Azure tenant and you accept the invite sent to you via email, you can use the https://portal.azure.com/#create/Microsoft.AzureActiveDirectory URL to create your own tenant as well.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
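
A helpdesk-side triage of this error, as an added example that is not part of the original thread: it parses the AADSTS50020 message format quoted above and separates the 'Microsoft Services' case the answer describes from a named tenant where the account must first be added as an external user. The function name, the sample messages and their account, tenant and application values are constructed placeholders.

```python
import re

# Pattern for the AADSTS50020 text quoted on this page. The trailing
# "cannot access the application ..." clause is optional because the
# answer quotes the shorter form of the message.
AADSTS50020 = re.compile(
    r"AADSTS50020: User account '(?P<account>[^']*)' "
    r"from identity provider '(?P<idp>[^']*)' "
    r"does not exist in tenant '(?P<tenant>[^']*)'"
    r"(?: and cannot access the application '(?P<app>[^']*)'"
    r"(?:\((?P<app_name>[^)]*)\))?)?"
)

# Tenant name the answer describes as the default landing tenant.
DEFAULT_TENANT = "Microsoft Services"


def triage(message):
    """Return the parsed fields plus a next step, or None if no match."""
    m = AADSTS50020.search(message)
    if m is None:
        return None
    info = m.groupdict()
    if info["tenant"] == DEFAULT_TENANT:
        # Case covered by the answer: personal account in the default tenant.
        info["next_step"] = "create your own tenant or get invited as a guest"
    else:
        # Case stated in the error text itself: named tenant, no guest object.
        info["next_step"] = "tenant admin must add the account as an external user"
    return info


# Constructed sample messages (placeholder account, tenant and application).
SAMPLES = [
    "Message: AADSTS50020: User account 'user@example.com' from identity "
    "provider 'live.com' does not exist in tenant 'Contoso' and cannot "
    "access the application 'urn:example:sp:app1'(Example_App) in that tenant.",
    "AADSTS50020: User account 'user@example.com' from identity provider "
    "'live.com' does not exist in tenant 'Microsoft Services'",
    "AADSTS00000: constructed unrelated error line",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line))
```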