This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 72%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVK%3C/text%3E%3C/svg%3E)
I am using open id with application allowed for all identtities but getting error AADSTS50020: User account 'xxxxx@outlook.com' from identity provider 'live.com' does not exist in tenant 'xxxxxx' and cannot access the application '0ad2b089-sdfdf9'(IASTESTALLIDS) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 24%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Hello Vamsi Koganti,
Thanks for your question.
Please take a look at the quick guide below specifically for the issue:
Error AADSTS50020 - User account from identity provider does not exist in tenant
Regards,
Abiola
You can mark it 'Accept Answer' and upvote if this helped.
This guide is not applicable. what i we want to achieve is Open ID configuration with out having to have all users in the tenancy. the same was achieved with consumers https://login.microsoftonline.com/consumers/v2.0/.well-known/openid-configuration
this config is for personal accounts only . we want to achive this for any MS user.
Hi @Vamsi Koganti , you'll need to invite the user to your tenant. Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James
Inviting the user will beat the purpose of managing the users in your tenancy. We are trying to configure OpenID configuration for on the apps, as per the url https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc . we are using the OpenID configuration document URI as common as we want to allow users from Microsoft personal , work and school accounts. As a part of configuration the discovery url we are using is https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration the issuer that is returned is https://login.microsoftonline.com/{tenantid}/v2.0 which seems to be wrong
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Vamsi Koganti ,
Thanks for reaching out.
You are getting error due to configuration issues in your web application.
The discovery URL you are using is of Entra ID rather than Azure AD B2C https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
With B2C open ID connect, you can allow any users to use sign up/sign in policy to register in your B2C tenant with discovery URL https://<tenantName>.b2clogin.com/<tenantName>.onmicrosoft.com/<B2C policy name>/v2.0/.well-known/openid-configurationTo setup Open ID configuration in your B2C tenant, refer https://learn.microsoft.com/en-us/azure/active-directory-b2c/openid-connect
If that is not the scenario you are looking for, please explain the scenario so we can help you better.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
Hi Swetha ,
Thanks for your response. Let me explain the scenario.
We setup a B2C tenant and application with in this tenant. The App authentication is set to "Accounts in any identity provider or organizational directory" . We don't want to manage or invite users with in this B2c Tenancy, we want to allow user from any microsoft account ( Work , School , Personal ).
We are trying to configure OpenID configuration for on the apps, as per the url https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc .
we setup consumers (Only users with a personal Microsoft account can sign in to the application.) which will allow users with a personal MS account, and it is working as expected. As out scenario is to allow any one with Microsoft account, we want to use common.
Discovery URL for consumers is
https://login.microsoftonline.com/consumers/v2.0/.well-known/openid-configuration
Issuer is
https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0
we are using the OpenID configuration document URI as common as we want to allow users from Microsoft personal , work and school accounts. As a part of configuration the discovery url we are using is https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration the issuer that is returned is https://login.microsoftonline.com/**{tenantid}**/v2.0 which seems to be wrong.
We also tried to use organizations as discovery url with same result as common.
Using contoso.onmicrosoft.com as per the document is giving the error as the user is not part of the tenant.
Hope this explains the problem. Looking forward for your help.
Regards,