User account from identity provider does not exist in tenant and cannot access the application in that tenant

Sagar Chaudhuri 1 Reputation point
2021-06-22T18:13:16.083+00:00

I'm implementing the SSO integration with Azure AD but facing some error,

Details,

Supported account types: Multiple organizations
SSO TYpe: SAML based

Error Message: [ Getting the below error ]
Sorry, but we’re having trouble signing you in.
AADSTS50020: User account 'DevOps@Piepel .com' from identity provider 'https://sts.windows.net/7d6665a4-1aef-xxxxx-a17e-xxxxxx/' does not exist in tenant 'xxxxxxx xxxxx xxxxxxx Private Limited' and cannot access the application 'xxxxx-3f4e-4f03-a3d6-xxxxxx'(xxxxx-sso-app) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,441 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2021-06-25T06:16:50.8+00:00

    Hi @Sagar Chaudhuri · Thank you for reaching out.

    As you have mentioned, Supported account types is set to Multiple organizations. However, if your authentication call is for specific tenant i.e., https://login.microsoftonline.com/your_tenant_name_or_id, users from other organizations won't be able to access the application and are required to be added as guests in the tenant specified in the request.

    In your case, authentication request should either be for https://login.microsoftonline.com/organizations or https://login.microsoftonline.com/common

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.