AADSTS700056: User account does not exist in organization.

Question

AADSTS700056: User account does not exist in organization.

Shreyal Gelani 5

Hi,
I have MS Entra External ID preview tenant created. However, I noticed that I cannot authenticate successfully with the local account. Below I provide more details. I would be grateful for help/hints

Describe the bug

When I try to login with corporate account or standard customer account I have below error displayed after authentication is completed:

AADSTS700056: User account does not exist in organization.

This only happens when the customer use their email id to login instead of principal username. The user is redirected to temporary access pass page when they use their customer email but when they try to use the pass code it throws error.

Steps to reproduce:

Create a user in your Tenant where email authentication policy and Temporary Access Pass is enabled.
Generate Temporary access pass for user.
Try to signin with the email provided in email authentication policy. You will be redirected to Enter Temporary access pass screen.
Enter your temporary access pass.

Note: Temporary access pass only works if you use your User principal name.

Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2024-01-25T13:38:14.3766667+00:00

Hi @Shreyal Gelani
Thank you for your post!

We will check this and get back to you.

Thanks,
Akhilesh.

1 answer

Your answer

Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2024-01-25T13:38:14.3766667+00:00

Hi @Shreyal Gelani
Thank you for your post!

We will check this and get back to you.

Thanks,
Akhilesh.

Answer 1

Shweta Mathur 30,301 Microsoft Employee Moderator

Hi @Shreyal Gelani
Apologies for delay in response.

Could you please confirm how you setup your user flow and which option you choose for user's email accounts?

User's image

Currently, in Microsoft External Id for Customers (CIAM) we do not have an option to sign in with UserPrincipalName. Could you please confirm and share the screenshots so we can help you further.

We recommend to use Email with Password to Sign in to your application with MFA as MFA uses pass code as second form of authentication.

Reference - https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-multifactor-authentication-customers

Thanks, Shweta

Shreyal Gelani 5 Reputation points

2024-01-30T22:42:10.22+00:00

Hi @Shweta Mathur ,
I can confirm that I have used Email with password. I understand that currently there is no mention about the option to use userPrincipalName. I just wanted to use Temporary access pass authentication method for my customers with their email which is not working I think. I have no issues with MFA or Email with password flow.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Shweta Mathur 30,301 Reputation points Microsoft Employee Moderator

2024-02-01T04:29:38.8466667+00:00

Shreyal Gelani As this feature is still in preview.

Currently we are not supporting Temporary access pass authentication method for customers.

As this feature is already in evolving state. I would suggest you post this idea at the Azure Feedback Portal, which is monitored by the product team for feature enhancements.

Hope this will help.

Thanks, Shweta

Please remember to "Accept Answer" if answer helped you.

Share via

AADSTS700056: User account does not exist in organization.

1 answer

Your answer