User account from identity provider does not exist in tenant and cannot access the application in that tenant

Sagar Chaudhuri 1 Reputation point
2021-06-22T18:13:16.083+00:00

I'm implementing the SSO integration with Azure AD but facing some error,

Details,

Supported account types: Multiple organizations
SSO Type: SAML based

Error Message: [ Getting the below error ]
Sorry, but we’re having trouble signing you in.
AADSTS50020: User account 'DevOps@Piepel .com' from identity provider 'https://sts.windows.net/7d6665a4-1aef-xxxxx-a17e-xxxxxx/' does not exist in tenant 'xxxxxxx xxxxx xxxxxxx Private Limited' and cannot access the application 'xxxxx-3f4e-4f03-a3d6-xxxxxx'(xxxxx-sso-app) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.


1 answer

  1. AmanpreetSingh-MSFT 55,431 Reputation points
    2021-06-25T06:16:50.8+00:00

    Hi @Sagar Chaudhuri, thank you for reaching out.

    As you have mentioned, Supported account types is set to Multiple organizations. However, if your authentication call is for a specific tenant, i.e., https://login.microsoftonline.com/your_tenant_name_or_id, users from other organizations won't be able to access the application and are required to be added as guests in the tenant specified in the request.

    In your case, the authentication request should either be for https://login.microsoftonline.com/organizations or https://login.microsoftonline.com/common.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

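The mismatch the answer describes (a "Multiple organizations" app whose sign-in request targets a single tenant) can be caught in a configuration check before users hit AADSTS50020. The following is an added example, not code from the thread or from Microsoft; the error message it parses is a constructed sample with placeholder tenant values, and `check_authority` / `parse_aadsts50020` are hypothetical helper names.

```python
import re
from urllib.parse import urlparse

LOGIN_HOST = "login.microsoftonline.com"
# Authorities that accept users from any Azure AD tenant, per the answer above.
MULTI_TENANT_AUTHORITIES = {"common", "organizations"}


def authority_tenant(url):
    """Return the tenant segment of an Azure AD authority URL
    ('common', 'organizations', or a tenant ID / domain name)."""
    parsed = urlparse(url)
    if parsed.netloc.lower() != LOGIN_HOST:
        raise ValueError(f"not an Azure AD authority host: {parsed.netloc}")
    segments = [s for s in parsed.path.split("/") if s]
    if not segments:
        raise ValueError("authority URL has no tenant segment")
    return segments[0].lower()


def check_authority(url, supported_account_types):
    """Return (ok, reason). An app registered for 'Multiple organizations'
    must send its request to /common or /organizations; a tenant-specific
    authority only admits members or guests of that one tenant."""
    tenant = authority_tenant(url)
    multi = "multiple organizations" in supported_account_types.lower()
    if multi and tenant not in MULTI_TENANT_AUTHORITIES:
        return False, (f"app accepts multiple organizations but the request "
                       f"targets tenant '{tenant}'; use /common or "
                       f"/organizations, or add external users as guests")
    return True, "authority is consistent with the supported account types"


# Shape of the AADSTS50020 text shown in the question; the issuer is the
# user's home tenant, the quoted tenant is the one named in the request.
AADSTS50020_RE = re.compile(
    r"AADSTS50020: User account '(?P<user>[^']+)' from identity provider "
    r"'https://sts\.windows\.net/(?P<idp_tenant>[^/']+)/' does not exist "
    r"in tenant '(?P<tenant>[^']+)'")


def parse_aadsts50020(message):
    """Extract user, home tenant ID and target tenant from an AADSTS50020
    message so the two tenants can be compared in triage; None otherwise."""
    m = AADSTS50020_RE.search(message)
    return m.groupdict() if m else None


# Constructed sample; tenant ID and name are placeholders, not real values.
SAMPLE_ERROR = ("AADSTS50020: User account 'devops@example.com' from identity "
                "provider 'https://sts.windows.net/00000000-0000-0000-0000-000000000001/' "
                "does not exist in tenant 'Contoso Private Limited' and cannot "
                "access the application 'app-placeholder' in that tenant.")
```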