User invitation link returns AADSTS500208: The domain is not a valid login domain for the account type

Leon Cangini 20 Reputation points
2024-02-03T12:17:48.7333333+00:00

I sent an invitation as an external user to register a colleague in my app, and when he clicks it, he gets this error:

AADSTS500208: The domain is not a valid login domain for the account type. Trace ID: 2755e899-999c-435a-ba43-dfea21cf0000 Correlation ID: 80f33010-235a-4b1a-bfc4-88c14e374fe3 Timestamp: 2024-02-03 12:13:43Z

Microsoft Entra ID

Accepted answer
  1. Pinaki Ghatak 5,305 Reputation points Microsoft Employee
    2024-02-04T11:43:25.0633333+00:00

    Hello @Leon Cangini

    The error AADSTS500208: The domain is not a valid login domain for the account type typically occurs when the user’s account does not match the expected account type for the given tenant.

    Here are a few things you could try:

    1. Ensure that the user is signing in with an account that exists on the same tenant where the application is registered.
    2. If the user is an external user, you might need to invite them as a Guest to your Azure AD tenant.
    3. Check the authority you’re using in your application. For example, if you’re using login.microsoftonline.com/{tenantId}, ensure that the user has the necessary role (like Global Administrator). If the user doesn’t have the role, it might return the error.
    4. If you’re using {tenantName}.ciamlogin.com, ensure that it prompts for AD accounts.

    If these steps don’t resolve the issue, please provide more details about your setup (like the type of accounts you’re using, the tenant setup, etc.), and I’ll do my best to assist you further. Does this answer your question?

    1 person found this answer helpful.

1 additional answer

  1. JimmySalian-2011 42,191 Reputation points
    2024-02-03T15:26:14.0266667+00:00

    Hi,

    This situation occurs when the user's account does not match the expected account type for the given tenant. For instance, if the tenant is configured to allow only work or school accounts, and the user tries to sign in with a personal Microsoft account, they will receive this error. Check that the user is using the correct account, and also try incognito mode in the browser.

    Hope this helps. JS

    == Please Accept the answer if the information helped you. This will help us and others in the community as well.
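A triage helper for the checks both answers describe, added here as an example and not part of either answer: it pulls the Trace ID, Correlation ID and timestamp out of the error text (for looking the event up in the tenant's sign-in logs) and compares the authority endpoint's audience with the account's domain. The function names, the short list of personal-account domains and the sample addresses are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: a small, non-exhaustive set of personal Microsoft account domains.
PERSONAL_DOMAINS = {"outlook.com", "hotmail.com", "live.com", "msn.com"}

# Error text as posted in the question.
SAMPLE = ("AADSTS500208: The domain is not a valid login domain for the account type. "
          "Trace ID: 2755e899-999c-435a-ba43-dfea21cf0000 "
          "Correlation ID: 80f33010-235a-4b1a-bfc4-88c14e374fe3 "
          "Timestamp: 2024-02-03 12:13:43Z")

ERROR_RE = re.compile(
    r"(?P<code>AADSTS\d+):.*?Trace ID: (?P<trace_id>[0-9a-f-]{36})"
    r".*?Correlation ID: (?P<correlation_id>[0-9a-f-]{36})"
    r".*?Timestamp: (?P<timestamp>[\d-]+ [\d:]+Z)", re.S)

def parse_aadsts(text):
    """Return the fields needed to find the event in the sign-in logs, or None."""
    m = ERROR_RE.search(text)
    return m.groupdict() if m else None

def authority_audience(authority):
    """Classify which account types an authority URL accepts."""
    u = urlparse(authority)
    host = (u.hostname or "").lower()
    segment = u.path.strip("/").split("/")[0].lower()
    if host.endswith(".ciamlogin.com"):
        return "external-tenant"
    if host != "login.microsoftonline.com":
        return "unknown"
    known = {"common": "work-school-and-personal",
             "organizations": "work-school", "consumers": "personal"}
    return known.get(segment, "single-tenant" if segment else "unknown")

def check(authority, upn):
    """Describe a likely account-type mismatch; None means no obvious conflict."""
    audience = authority_audience(authority)
    personal = upn.rsplit("@", 1)[-1].lower() in PERSONAL_DOMAINS
    if audience == "work-school" and personal:
        return "personal account on a work/school-only authority"
    if audience == "personal" and not personal:
        return "work/school account on a personal-only authority"
    if audience == "single-tenant":
        return "tenant-specific authority: confirm the user is a member or invited guest"
    if audience == "external-tenant":
        return "ciamlogin.com authority: confirm which account types it prompts for"
    return None

if __name__ == "__main__":
    print(parse_aadsts(SAMPLE))
    # Constructed sample address, not from the question.
    print(check("https://login.microsoftonline.com/organizations", "colleague@outlook.com"))
```
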
