AADSTS700056: User account does not exist in organization.

Shreyal Gelani 5 Reputation points
2024-01-25T03:10:35.2733333+00:00

Hi,
I have MS Entra External ID preview tenant created. However, I noticed that I cannot authenticate successfully with the local account. Below I provide more details. I would be grateful for help/hints

Describe the bug

When I try to login with corporate account or standard customer account I have below error displayed after authentication is completed:

AADSTS700056: User account does not exist in organization.

This only happens when the customer use their email id to login instead of principal username. The user is redirected to temporary access pass page when they use their customer email but when they try to use the pass code it throws error.

Steps to reproduce:

  1. Create a user in your Tenant where email authentication policy and Temporary Access Pass is enabled.
  2. Generate Temporary access pass for user.
  3. Try to signin with the email provided in email authentication policy. You will be redirected to Enter Temporary access pass screen.
  4. Enter your temporary access pass.

Note: Temporary access pass only works if you use your User principal name.

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,571 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,618 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Shweta Mathur 25,306 Reputation points Microsoft Employee
    2024-01-29T07:55:04.0433333+00:00

    Hi @Shreyal Gelani
    Apologies for delay in response.

    Could you please confirm how you setup your user flow and which option you choose for user's email accounts?

    User's image

    Currently, in Microsoft External Id for Customers (CIAM) we do not have an option to sign in with UserPrincipalName. Could you please confirm and share the screenshots so we can help you further.

    We recommend to use Email with Password to Sign in to your application with MFA as MFA uses pass code as second form of authentication.

    Reference - https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-multifactor-authentication-customers

    Thanks, Shweta