AADSTS500011 error for standard users

Tomlin Izie 140 Reputation points
2026-02-09T09:46:36.0866667+00:00

Our single-tenant Teams Tab app (SSO enabled) works perfectly for Global Admins but fails for standard users in the same tenant. While the bootstrap token is acquired, the backend exchange fails because the resource principal is not recognized for non-administrative accounts.

Microsoft Teams | Development

Building, integrating, or customizing apps and workflows within Microsoft Teams using developer tools and APIs


Answer accepted by question author
  1. Dora-T 11,125 Reputation points Microsoft External Staff Moderator
    2026-02-09T10:50:21.2366667+00:00

    Hi Tomlin Izie

    Thank you for reaching out to the Microsoft Q&A Forum and sharing your issue.

    Based on the error code, AADSTS500011 is usually related to the resource service principal not being available or not fully consented in the tenant. This can occur when the application or API permissions have not yet been granted tenant-wide admin consent, which may allow Global Admins to access the app while standard users are blocked.

    Could you please confirm whether admin consent has already been granted for this application? If not, please try granting tenant-wide admin consent and check if that resolves the issue for standard users.

    You can follow the guidance in this article to grant admin consent: Grant tenant-wide admin consent to an application - Microsoft Entra ID | Microsoft Learn

    After granting consent, please test again with a standard user account and let me know if the issue persists.


    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

  1. Q&A Assist
    2026-02-09T09:46:47.9366667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The AADSTS500011 error indicates that the resource principal is not found in the tenant for standard users, which is likely due to the application not being properly provisioned or consented for those users. Here are some steps you can take to troubleshoot and resolve the issue:

    1. Verify Resource Application Provisioning: Ensure that the application is registered correctly in your Microsoft Entra ID tenant. Check if the application is listed and configured properly in the Azure portal under Microsoft Entra ID > Enterprise applications.
    2. Consent to Application: Make sure that the resource application has been consented to by an administrator or a user in the tenant. This can also be checked in the Azure portal.
    3. Check Resource URL: Verify that the resource URL in the error message matches the resource application registered in your tenant ID. Ensure that the authentication request is sent using the correct resource URL.
    4. Check Tenant ID: Confirm that the tenant ID in the error message matches your actual tenant ID and that the authentication request is directed to the correct Microsoft Entra ID tenant.

    By following these steps, you should be able to identify and resolve the issue preventing standard users from accessing the Teams Tab app successfully.


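Steps 3 and 4 of the Q&A Assist answer above (resource URL and tenant ID) can be checked mechanically from the bootstrap token and the error text. The JavaScript below is an added example, not code from either answer or from Microsoft; the tenant ID, client ID, Application ID URI, sample token and sample error are constructed placeholders, and the parser assumes the standard AADSTS500011 message wording.

```javascript
// Added diagnostic sketch. EXPECTED and all sample inputs are constructed placeholders.
const EXPECTED = {
  tenantId: "00000000-0000-0000-0000-000000000001",
  clientId: "11111111-1111-1111-1111-111111111111",
  appIdUri: "api://tab.example.com/11111111-1111-1111-1111-111111111111",
};
const GUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;
const norm = (s) => s.toLowerCase().replace(/\/+$/, "");

// Decode the JWT payload WITHOUT verifying the signature. Diagnostics only:
// never base an authorization decision on an unverified token.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Pull out the resource and tenant that the error text names.
function parseAadsts500011(text) {
  const m = /AADSTS500011: The resource principal named (\S+) was not found in the tenant named (.+?)\. /.exec(text);
  return m ? { resource: m[1], tenant: m[2] } : null;
}

// registeredResources: identifier URIs read from the app registration by the operator.
function diagnose(bootstrapToken, errorText, registeredResources) {
  const findings = [];
  const { tid, aud } = decodeClaims(bootstrapToken);
  if (tid !== EXPECTED.tenantId) findings.push(`token tid ${tid} is not the expected tenant`);
  if (![EXPECTED.clientId, EXPECTED.appIdUri].includes(aud)) findings.push(`token aud ${aud} is not this app`);
  const err = parseAadsts500011(errorText);
  if (!err) return findings.concat("error text is not AADSTS500011");
  if (!registeredResources.map(norm).includes(norm(err.resource)))
    findings.push(`resource ${err.resource} is not registered for this app`);
  // The message may carry a display name instead of a GUID; compare only GUIDs.
  if (GUID.test(err.tenant) && norm(err.tenant) !== EXPECTED.tenantId)
    findings.push(`request was sent to tenant ${err.tenant}`);
  return findings;
}

// Constructed, unsigned sample token and error text for offline runs.
const b64url = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleToken = (claims) => `${b64url({ alg: "none" })}.${b64url(claims)}.sig`;
const sampleError = (resource, tenant) =>
  `AADSTS500011: The resource principal named ${resource} was not found in the tenant named ${tenant}. ` +
  "This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant.";
```

An empty result means the identifiers line up, which leaves provisioning and consent (steps 1 and 2, and the accepted answer) as the remaining checks.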
