Please note that this forum is a public platform, so we’ve adjusted your question to hide your organization’s domain name. For future posts, kindly avoid sharing any personal or organizational details to help protect your data.
Hello @Legacy Custom Wraps
Welcome to the Microsoft Q&A Community!
Thank you for contacting us. I reviewed the sign‑in message you received and can confirm that it matches Microsoft Entra ID error AADSTS50020.
Based on the official article “Error AADSTS50020 - User account from identity provider does not exist in tenant” (Microsoft Learn), this error occurs when a user attempts to access an application or resource in one Microsoft Entra tenant using an account that does not exist in that tenant as either a member or a guest.
In your scenario, you are signing in with an account from the sonorancitywraps.com organization, while the application “My Sign‑ins” is being accessed within the legacycustomwraps.com tenant. Because your account is not present in the legacycustomwraps.com directory, authorization fails and the sign‑in is blocked. In this case:
- The account you are using belongs to a different organization than the tenant that hosts the application you are trying to reach.
- The application or tenant does not currently recognize your account as an allowed identity.
- Microsoft Entra ID prevents access until the account is added to the target tenant or you sign in with an account that already resides in that tenant.
Common causes could be:
- The user has not been added to the target tenant as a guest or member.
- The application is configured for a single‑tenant audience only, which blocks users from other organizations or from personal Microsoft accounts where applicable.
- The sign‑in request uses an endpoint or URL that does not match the application’s supported account types, for example using a tenant‑specific endpoint when the app expects the common or organizations endpoint.
- The user is signed into a different organization in their browser session, or is attempting to use a personal Microsoft account where an Entra ID organizational account is required.
- The application requires explicit user assignment and the user has not been assigned. In some cases, a previously issued guest invitation may need to be re‑redeemed.
For the end user, please choose the option below that best matches your access scenario:
Option 1: Sign in with an account that belongs to the target tenant
If you have a legacycustomwraps.com organizational account, sign out of your current Microsoft session, then sign back in with your legacycustomwraps.com credentials and access the application again. Using a private or incognito browser window can help ensure a clean sign‑in.
Option 2: Request a guest invitation to the target tenant
If you do not have an account in the legacycustomwraps.com tenant, ask an administrator of that tenant to invite your sonorancitywraps.com address as a guest user. After you receive the invitation, open the invitation email, complete the acceptance process, and then sign in again. If prompted, switch your active organization to legacycustomwraps.com before opening the application.
Option 3: Switch organizations if you are already a guest
If you have previously been invited as a guest, open your Microsoft account settings, go to your list of organizations, and select legacycustomwraps.com as your active organization before accessing the application. If access still fails, sign out and sign back in to refresh the session.
For admins, kindly perform the following checks and corrections:
1/ Confirm that the user exists in the target tenant
Verify in Microsoft Entra Admin Center that the user appears as a member or guest. If not, invite the user as an external guest and ensure the invitation is redeemed successfully. If redemption is stuck, reset the guest redemption status and resend the invitation.
2/ Review the application’s supported account types
In App registrations, open the application, review the Supported account types (signInAudience in the manifest), and ensure it aligns with your access needs. If the application must accept users from multiple organizations, configure it as multitenant, or as multitenant plus personal Microsoft accounts if appropriate. Note that changing signInAudience may require re‑registering the application in some cases.
3/ Use the correct authorization endpoint
Ensure that your authentication flow uses an endpoint that matches the supported account types. For multitenant applications, use the common or organizations endpoint. For single‑tenant applications, use the tenant‑specific endpoint. Mismatched endpoints will cause sign‑in failures for external users.
4/ Check user assignment requirements
If the application is configured to require user assignment, assign the user or a relevant group to the application under Enterprise applications before they attempt to sign in.
5/ Consider personal versus organizational account restrictions
Some applications do not support personal Microsoft accounts. If personal accounts are not supported, ensure users sign in with organizational Entra ID accounts or adjust the app audience if personal accounts are intended to be allowed.
Verification steps:
- After making the relevant change, have the user sign out of all Microsoft sessions or open a private browser session.
- If a guest invitation was sent, confirm that the user has accepted the invitation and that their user object appears in the legacycustomwraps.com directory.
- Confirm that the user’s active organization is set to legacycustomwraps.com at the time of access.
- Attempt to access the application again and review the sign‑in logs if the issue persists.
Please let me know if there are any concerns or you need further assistance. I am happy to clarify!
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
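Admin checks 1/ to 4/ from the answer above can be run as one triage pass over the facts an administrator collects. This is an added example, not part of the original answer or Microsoft code: the `case` dictionary shape, function names and sample tenants are hypothetical, the field names mirror the Microsoft Graph properties `signInAudience`, `userType`, `externalUserState` and `appRoleAssignmentRequired`, and the endpoint rule is the one stated in check 3/.

```python
from urllib.parse import urlparse

MULTITENANT = {"AzureADMultipleOrgs", "AzureADandPersonalMicrosoftAccount"}

def authority_segment(authorize_url):
    """First path segment of a login.microsoftonline.com URL, lower-cased."""
    parts = urlparse(authorize_url)
    segments = [s for s in parts.path.split("/") if s]
    if parts.hostname != "login.microsoftonline.com" or not segments:
        raise ValueError("not a Microsoft Entra authorize URL")
    return segments[0].lower()

def triage_aadsts50020(case):
    """Run admin checks 1-4 from the answer; return (step, finding) pairs."""
    findings = []
    user = case["directory_entry"]  # None: no member or guest object exists
    redeemed = user is not None and (
        user["userType"] == "Member" or user["externalUserState"] == "Accepted")
    if user is None:
        findings.append((1, "user missing from resource tenant; invite as guest"))
    elif not redeemed:
        findings.append((1, "guest invitation not redeemed; reset and resend"))
    audience = case["signInAudience"]
    if audience == "AzureADMyOrg" and not redeemed:
        findings.append((2, "single-tenant app; only directory accounts can sign in"))
    segment = authority_segment(case["authorize_url"])
    shared = segment in {"common", "organizations"}
    tenant_specific = not shared and segment != "consumers"
    if audience in MULTITENANT and tenant_specific:
        findings.append((3, "multitenant app called on a tenant-specific endpoint"))
    elif audience == "AzureADMyOrg" and shared:
        findings.append((3, "single-tenant app called on a shared endpoint"))
    if case["appRoleAssignmentRequired"] and not case["user_assigned"]:
        findings.append((4, "assignment required but user is not assigned"))
    return findings

# Constructed sample cases (placeholder tenant, not taken from the thread).
BASE = "https://login.microsoftonline.com/"
CASE_EXTERNAL_NO_GUEST = {
    "directory_entry": None, "signInAudience": "AzureADMyOrg",
    "authorize_url": BASE + "resource.example/oauth2/v2.0/authorize",
    "appRoleAssignmentRequired": False, "user_assigned": False}
CASE_WRONG_ENDPOINT = {
    "directory_entry": {"userType": "Guest", "externalUserState": "Accepted"},
    "signInAudience": "AzureADMultipleOrgs",
    "authorize_url": BASE + "resource.example/oauth2/v2.0/authorize",
    "appRoleAssignmentRequired": True, "user_assigned": False}

if __name__ == "__main__":
    for name, case in (("no guest", CASE_EXTERNAL_NO_GUEST), ("endpoint", CASE_WRONG_ENDPOINT)):
        print(name, triage_aadsts50020(case))
```

An empty result means none of the four checks explains the failure, which is the point at which the sign-in logs mentioned in the verification steps become the next source.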