Share via

Temporary AADSTS90072 errors during sign up

Manuel Tospann 316 Reputation points
2026-02-27T13:32:11.0466667+00:00

A few customers were not able to sign up between ~12:20pm and ~12:40pm UTC.

This is the error they provided.

Troubleshooting details If you contact your administrator, send this info to them. Copy info to clipboard Request Id: *** Correlation Id: *** Timestamp: 2026-02-27T12:37:26Z Message: AADSTS90072: User account '' from identity provider 'mail' does not exist in tenant '' and cannot access the application ********* in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account Flag sign-in errors for review: Enable flagging If you plan on getting help for this problem, enable flagging and try to reproduce the error within 20 minutes. Flagged events make diagnostics available and are raised to admin attention.

User's image

Any chance to find more details in my Entra External ID tenant?

Any idea why this issue temporarily happened?

Microsoft Security | Microsoft Entra | Microsoft Entra External ID

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Thanmayi Godithi 7,190 Reputation points Microsoft External Staff Moderator
    2026-03-13T18:51:02.6833333+00:00

    Hey @Manuel Tospann, it looks like your users were hitting AADSTS90072 (“user … from identity provider ‘mail’ does not exist in tenant …”) because the External ID tenant didn’t have those accounts yet and B2C’s sign-up/user-flow step that would normally provision them failed to complete. Since the errors only showed up between 12:20–12:40 UTC, it was almost certainly a transient glitch in the External ID provisioning pipeline (for example, a brief service hiccup or throttling on the Graph-API call that writes the guest/local user).

    Here’s how you can drill into the “why” and get more detail on exactly what went wrong:

    1. In the Azure portal, switch to your Entra External ID (B2C) tenant.
    2. Under MonitoringSign-up logs, filter by the timestamp (2026-02-27T12:37:26Z) or paste in the Correlation ID/ Request ID that you copied from the error page.
    3. Review the log entry for that request and look for an inner-error or failure code on the “create user” operation.
    4. If you haven’t already, click Enable flagging on the error page and re-run it within 20 minutes. That lifts the logging level so you get a full diagnostic trace.
    5. As a Global Admin, you can also use the Sign-in Diagnostics blade: • Go to Azure AD → Diagnostics → Launch Diagnostic • Search by Correlation ID or Request ID and review the step-by-step call-stack.

    Possible root causes for a short burst of AADSTS90072 errors:

    • A transient outage or throttling between the External ID user-creation pipeline and Microsoft Entra’s Graph service
    • A brief networking or region outage in the control plane
    • Hitting a provisioning quota for guest accounts
    • An auto-update or policy change in your custom user flow around that time

    To rule out broader service issues, check Azure Service Health for any incidents in the same UTC window in the region where your External ID tenant lives.

    If the logs don’t reveal an obvious root cause, let me know:

    • Any modifications to your user-flow or IdP metadata right before 12:20 UTC?
    • Whether you saw any throttling or “too many requests” errors in the sign-up logs?
    • If this has recurred at all or was purely that one 20-minute window?

    Hope that helps you pinpoint what tripped up the user-provisioning step!

    References

    Let us know if you need further assistance.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.