getting an error message that the user does not exist in the tenant and cannot access application

Question

getting an error message that the user does not exist in the tenant and cannot access application

Kusai Merchant 0

Request Id: 8bcaad2f-94cf-43b7-9d13-17878aab0b00

Correlation Id: 69aa8dc1-a901-1244-11b5-779b1d6f6a18

Timestamp: 2025-03-20T12:44:20Z

Message: AADSTS50020: User account '---@------.com' from identity provider 'https://sts.windows.net/24275a02-3284-46af-9a9f-945677071c32/' does not exist in tenant '-------.com' and cannot access the application '5d661950-3475-41cd-a2c3-d671a3162bc1'(Microsoft Outlook) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.How do I fix this?

2 answers

Your answer

Answer 1

Hello Kusai Merchant,

Thank you for posting query in Microsoft Q&A.

As per description, we understand that users are not able to access the application and getting the AADSTS50020 error.

When a guest user tries to access an application or resource in the resource tenant, the sign-in fails, and the AADSTS50020 error message is displayed.

I suggest you to check the below causes.

1. Guest user was not invited

The guest user who tried to sign in was not invited to the tenant. Make sure that you follow the below steps to invite the guest user.

Sign in to the Microsoft Entra ID as at least a User Administrator.

Browse to Identity > Users > All users.

Select Invite external user from the menu.

guest2

Here, you're inviting the guest to your tenant using their email address. For this quickstart, enter an email address that you can access.

Email: Enter the email address for the guest user you're inviting.

Display name: Provide the display name.

Invitation message: Select the Send invite message checkbox to send an invitation message. When enabling this checkbox, you can also set up the customized short message and another CC recipient.

guest3

Select the Review and invite button to finalize the process.

Review and invite

The final tab captures several key details from the user creation process. Review the details and select the Invite button if everything looks good.

An email invitation is sent automatically.

After you send the invitation, the user account is automatically added to the directory as a guest.

gues3.5

Accept the invitation

Now sign in as the guest user to see the invitation.

Sign in to your test guest user's email account.

In your inbox, open the email from "Microsoft Invitations on behalf of Contoso."

guest4

In the email body, select Accept invitation. A Permission requested by: page opens in the browser.

guesssss

Select Accept.

The My Apps page opens. Because we haven't assigned any apps to this guest user, you'll see the message "There are no apps to show." In a real-life scenario, you would add the guest user to an app so the app would appear here.

2.Check whether the resource tenant's guest user is older than the home tenant's user account

Compare the age of the resource tenant's guest user against the home tenant's user account. You can make this verification by using Microsoft Graph or MSOnline PowerShell.

Issue a request to the MS Graph API to review the user creation date, as follows:

GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/createdDateTime

Then, check the creation date of the guest user in the resource tenant against the creation date of the user account in the home tenant. The scenario is confirmed if the guest user was created before the home tenant's user account was created.

Once you have verified the above two solutions and if still the issue persists, please let me know for further troubleshooting.

Venkata Jagadeep 1,400 Reputation points Microsoft External Staff Moderator

2025-03-21T23:41:54.39+00:00

Hello Kusai Merchant,

Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Answer 2

Kusai Merchant 0

Hello Venkata,

No, unfortunately this doesn't solve my problem. The problem arose when I switched my email service provider from Outlook provided through GoDaddy, to being directly provided by M365. I also bought one user license for all the various Microsoft apps. I assigned that license to the email address that I had originally set up in GoDaddy.

I am able to access that account via the Outlook web portal, but I can't get the Outlook app to work. When I try to log in with my credentials with the assigned licenses, I get this error message.

(Incidentally, initially I was getting this error with ALL Microsoft products, like Word and Teams, but I raised this with GoDaddy help and they made some changes and fully deleted the old tenant from their systems and now I can access all my apps EXCEPT Outlook. That's the one app that is still giving me this error.)

M365 Help team said that the Azure team would need to so something to address this tenant issue, that it wasn't something I would be able to fix myself.

I am pasting below that email exchange, which includes the Help request tracking ID. Can you assist with this?

------------------- Original Message ------------------- From: ******@mail.support.microsoft.com; Received: Thu Jan 30 2025 12:01:30 GMT-0500 (Eastern Standard Time) To: ******@merchant-strategies.com; supportmail@microsoft.com; Subject: RE: [EXTERNAL] Re: getting an error when i try ... - TrackingID#2501300040009232

Hello Kusai,

Thanks for your response. As I mentioned before, your issue is related to Azure identity. It is because you were using email services from Godaddy along with domain, as far as I know the email services that Godaddy provide is connected to Microsoft Exchange. If it was the case for you then your identity conflict is there on Azure end.

To resolve the issue you have to create a ticket from Identity/Azure portal Home - Microsoft Azure. You will probably need Azure premium subscription for that which you probably go for a trial version to be able to create a support request.

There is a workaround which might work for you, you will have to create a new windows profile and try to login with your account there on office apps if they are already installed. If the apps are not installed, install them first.

Though this issue is out of scope for our support team, however I wanted to assist you therefore, out of the best effort I provided you the above information.

If you have any further questions, please feel free to ask.

Venkata Jagadeep 1,400 Reputation points Microsoft External Staff Moderator

2025-03-24T19:52:59.5066667+00:00

Hello Kusai Merchant,

Thank you for detailed information provided.

I understand that your user account is at Go Daddy (your Identity Provider) and you have purchased Microsoft Office License to access.

You are able to access your emails through web browser, but not with Outlook application.

Here your user account is present in Go Daddy and not with Microsoft and so, you are able to access mailbox from browser, but for outlook application it will search user account in Microsoft tenant.

Most accounts are supported in new Outlook. This includes Microsoft accounts such as an Outlook.com or Hotmail.com account, work or school accounts assigned to you by your organization's admin, third-party accounts such as Gmail, Yahoo!, iCloud, and other third-party accounts connecting through IMAP.

I suggest you refer the below document to configure outlook with your email account with Go Daddy as IDP.

https://support.microsoft.com/en-us/office/add-an-email-account-to-outlook-for-windows-6e27792a-9267-4aa4-8bb6-c84ef146101b
Venkata Jagadeep 1,400 Reputation points Microsoft External Staff Moderator

2025-03-25T17:40:15.82+00:00

Hello Kusai Merchant,

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Kusai Merchant 0 Reputation points

2025-03-25T19:40:55.2366667+00:00

No, I currently have my email and all my app access through M365 directly, not with GoDaddy. I terminated my Outlook subscription with GoDaddy after i signed up with M365. this was the mistake i made, because it created the problem that you described to me in your initial response, which I am pasting below in italics. My '@merchant-strageties.com' email is older than my M365 account (for which the primary user ID is '******@merchantstrategies.onmicrosoft.com').

So what do I do now???

2.Check whether the resource tenant's guest user is older than the home tenant's user account

Compare the age of the resource tenant's guest user against the home tenant's user account. You can make this verification by using Microsoft Graph or MSOnline PowerShell.

Issue a request to the MS Graph API to review the user creation date, as follows:

GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/createdDateTime

Then, check the creation date of the guest user in the resource tenant against the creation date of the user account in the home tenant. The scenario is confirmed if the guest user was created before the home tenant's user account was created.

Once you have verified the above two solutions and if still the issue persists, please let me know for further troubleshooting.
Kusai Merchant 0 Reputation points

2025-03-28T15:47:03.6333333+00:00

Hi Venkata. My Outlook app appears to now be working, and my issue is resolved. Did you something to address this? If so, thanks very much for the assistance.
Venkata Jagadeep 1,400 Reputation points Microsoft External Staff Moderator

2025-03-28T19:32:31.2033333+00:00

Hello Kusai Merchant,

Thank you for updating that issue was resolved. Please let us know how you resolved the issue, so that Microsoft Community members will understand the resolution.

Share via

getting an error message that the user does not exist in the tenant and cannot access application

2 answers

Your answer