Hello Judy Piercy,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
The error message you're seeing typically means the user is trying to access a Microsoft 365 resource (like SharePoint Online) using an identity that doesn't belong to your organization's Azure Active Directory (AAD) tenant.
This usually happens when:
- The user is signed in with a personal Microsoft account (MSA) instead of their work account.
- The user isn't properly added as a guest/external user to your Azure AD tenant.
I recommend trying the solutions below:
The User's Solution (Immediate Workaround):
Try a clean sign-in session first:
- Clear Caching: Fully sign out of all Microsoft services in your current browser.
- Use Private Mode: Open the website link in a Private (InPrivate/Incognito) browser window. This ensures no existing cookies or cached credentials interfere with the sign-in process.
Check App Registration Settings:
- Ensure SignInAudience includes AzureADandPersonalMicrosoftAccount or AzureADMultipleOrgs. Reference: https://learn.microsoft.com/en-us/troubleshoot/entra/entra-id/app-integration/error-code-AADSTS50020-user-account-identity-provider-does-not-exist
Use Correct Endpoint:
- For multi-tenant apps: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
- For single tenant: https://login.microsoftonline.com/{TenantID}
The Administrator's Solution (if the above did not work): If you are the Global administrator of the 'Tarrant Area Food Bank' Microsoft Entra ID tenant, perform the steps below (otherwise ask your administrator to perform these steps):
Invite the User as a Guest: The administrator must explicitly invite the user's personal email address (******@aol.com) to their Microsoft Entra ID tenant as a Guest User.
Please do follow this guide to add it: Quickstart: Add a guest user and send an invitation - Microsoft Entra External ID | Microsoft Learn.
Once the administrator has successfully invited the user:
- The user will receive an email invitation to their ******@aol.com address.
- The user must click the link in the invitation email to accept the invitation.
- After accepting, the user should be able to sign in successfully using their ******@aol.com (live.com) account.
Please refer to these documents for better understanding:
- Troubleshooting error code AADSTS50020
- Quickstart: Add a guest user (Azure portal)
- How to add external user in SharePoint
Hope this helps! If it answered your question, please consider clicking Accept Answer and Upvote👍 for it. This will help us and others in the community as well. If you need more info, feel free to ask in the comments. Happy to help!
Thank you for helping to improve Microsoft Q&A!
Regards,
Monalisha
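The troubleshooting order in the answer above, written as a small checker. This is an added example, not part of the original answer and not Microsoft code. It is a simplified model: the function names, the placeholder tenant ID, the single-tenant value AzureADMyOrg and the guest states PendingAcceptance/Accepted (the Microsoft Graph externalUserState values) are assumptions that do not appear in the answer.

```python
from urllib.parse import urlparse

# signInAudience values the answer names as accepting accounts from outside the tenant.
MULTI_TENANT_AUDIENCES = {"AzureADMultipleOrgs", "AzureADandPersonalMicrosoftAccount"}
SHARED_ENDPOINTS = {"common", "organizations", "consumers"}

def tenant_segment(authorize_url):
    """Return the tenant part of a login.microsoftonline.com URL, lower-cased."""
    parsed = urlparse(authorize_url)
    if parsed.scheme != "https" or parsed.hostname != "login.microsoftonline.com":
        raise ValueError("not an https://login.microsoftonline.com URL")
    parts = [p for p in parsed.path.split("/") if p]
    if not parts:
        raise ValueError("URL has no tenant segment")
    return parts[0].lower()

def next_steps(sign_in_audience, authorize_url, home_tenant, guest_state):
    """Suggest fixes for AADSTS50020 (simplified model, constructed for this example).

    home_tenant: tenant ID of the user's work account, or None for a personal account.
    guest_state: None (never invited), "PendingAcceptance" or "Accepted".
    """
    segment = tenant_segment(authorize_url)
    if segment in SHARED_ENDPOINTS:
        return []  # request is not pinned to one tenant; nothing to check here
    if home_tenant and home_tenant.lower() == segment:
        return []  # user is a member of the tenant being addressed
    if guest_state == "Accepted":
        return []  # guest has already accepted the invitation
    if guest_state == "PendingAcceptance":
        return ["user must accept the invitation email"]
    steps = ["administrator must invite the user as a guest"]
    if sign_in_audience in MULTI_TENANT_AUDIENCES:
        steps.append("or send the request to the /common endpoint")
    return steps

# Constructed sample values (placeholder tenant ID and client_id).
TENANT = "00000000-0000-0000-0000-000000000000"
SINGLE = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize?client_id=x"
COMMON = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=x"

if __name__ == "__main__":
    print(next_steps("AzureADMyOrg", SINGLE, None, None))
    print(next_steps("AzureADMyOrg", SINGLE, None, "PendingAcceptance"))
    print(next_steps("AzureADMultipleOrgs", SINGLE, None, None))
```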