@DeLeon, Jocelyn
Thank you for posting this in Microsoft Q&A.
As I understand, you are getting the error "AADSTS700016" while trying to access an application via an external link.
This error comes up in 2 different scenarios:
- Application does not exist in Azure Active Directory
- Application is registered but is not configured as a multi-tenant application
Application does not exist in Azure Active Directory
First, you will have to check if the application that you are trying to access is registered in your tenant.
As per the error message, you did mention that the company name in the error is your organization. If that is the case, then you will have to confirm the application is registered properly in your tenant (check the Identifiers of the application).
Keep in mind that each authentication protocol, i.e. OAuth2, SAML 1.0, SAML 1.1, SAML2, may have different meanings for this. We will update this article as we understand this better.
OAuth2 uses client_id in the request and compares it to the AppId of the application registration.
SAML2 uses EntityId in the request and compares it to the App URI Id for the application registration.
Keep in mind that AppId is not the same as the Application's Object ID, the Service Principal (also called Enterprise App) Object ID, or the Directory ID.
Application is registered but is not configured as a multi-tenant application
Generally, this means the application was registered in another directory such as fabrikam.onmicrosoft.com and it is not enabled as a multi-tenant application. Check with the application developer if this is supposed to be a single-tenant app or a multi-tenant app.
First understand the difference of single-tenant vs multi-tenant...
https://docs.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps
If it is meant to be a multi-tenant app...
Application developer will need to convert the app from single-tenant to multi-tenant...
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant
If it is supposed to be a single-tenant app and the user signing in is a guest user of the directory where the application is registered, ensure the sign-in endpoint (or also called authority) being used is as follows...
https://login.microsoftonline.com/{your-tenant-id}/…
For example, if the application is registered in fabrikam.onmicrosoft.com, then the authority should look like this...
https://login.microsoftonline.com/fabrikam.onmicrosoft.com/…
Let us know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
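
The two OAuth2 checks described in this answer (client_id against the AppId, and the authority tenant for a single-tenant app), written as an added example that is not part of the original answer or any Microsoft tooling. The function name, the GUIDs and the contoso.onmicrosoft.com tenant are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

def check_authorize_url(url, app_id, home_tenants, multi_tenant=False):
    """Return likely causes of AADSTS700016 for an OAuth2 sign-in URL.

    app_id       -- AppId (client ID) shown on the app registration
    home_tenants -- names of the tenant holding the registration
                    (domain and/or tenant ID); the first is used in advice
    multi_tenant -- True if the registration is enabled as multi-tenant
    """
    parts = urlsplit(url)
    if parts.hostname != "login.microsoftonline.com":
        return [f"unexpected sign-in host: {parts.hostname}"]
    segments = [s for s in parts.path.split("/") if s]
    tenant = segments[0].lower() if segments else ""
    client_id = parse_qs(parts.query).get("client_id", [""])[0].lower()

    findings = []
    # OAuth2: client_id in the request is compared to the registration's AppId.
    if client_id != app_id.lower():
        findings.append("client_id does not match the registration's AppId "
                        "(check it is not an Object ID or the Directory ID)")
    # Single-tenant app: the authority must name the registering tenant.
    if not multi_tenant and tenant not in {t.lower() for t in home_tenants}:
        findings.append(f"authority tenant '{tenant}' is not the registering "
                        f"tenant; use https://login.microsoftonline.com/"
                        f"{home_tenants[0]}/")
    return findings

# Constructed sample values (not real identifiers).
APP_ID = "11111111-2222-3333-4444-555555555555"      # AppId of the registration
OBJECT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"   # Object ID, often confused with AppId
HOME = ["fabrikam.onmicrosoft.com"]
BASE = "https://login.microsoftonline.com/{t}/oauth2/v2.0/authorize?client_id={c}&response_type=code"
GOOD_URL = BASE.format(t="fabrikam.onmicrosoft.com", c=APP_ID)
WRONG_TENANT_URL = BASE.format(t="contoso.onmicrosoft.com", c=APP_ID)
WRONG_ID_URL = BASE.format(t="fabrikam.onmicrosoft.com", c=OBJECT_ID)

if __name__ == "__main__":
    for u in (GOOD_URL, WRONG_TENANT_URL, WRONG_ID_URL):
        print(check_authorize_url(u, APP_ID, HOME) or "no issues found")
```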