User account from identity provider does not exist in tenant and cannot access the application in that tenant

Question

I'm implementing the SSO integration with Azure AD but facing some error,

Details,

Supported account types: Multiple organizations
SSO TYpe: SAML based

Error Message: [ Getting the below error ]
Sorry, but we’re having trouble signing you in.
AADSTS50020: User account 'DevOps@Piepel .com' from identity provider 'https://sts.windows.net/7d6665a4-1aef-xxxxx-a17e-xxxxxx/' does not exist in tenant 'xxxxxxx xxxxx xxxxxxx Private Limited' and cannot access the application 'xxxxx-3f4e-4f03-a3d6-xxxxxx'(xxxxx-sso-app) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Answer 1

Hi @Sagar Chaudhuri · Thank you for reaching out.

As you have mentioned, Supported account types is set to Multiple organizations. However, if your authentication call is for specific tenant i.e., https://login.microsoftonline.com/your_tenant_name_or_id, users from other organizations won't be able to access the application and are required to be added as guests in the tenant specified in the request.

In your case, authentication request should either be for https://login.microsoftonline.com/organizations or https://login.microsoftonline.com/common

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.