Share via

account issue

Kelsey Hillton 0 Reputation points
2026-05-29T07:37:33.0433333+00:00

Request Id: [Moderator note: Personally Identifiable Information removed]  

Correlation Id: [Moderator note: Personally Identifiable Information removed]  

Timestamp: 2026-05-29T07:18:05Z

Message: AADSTS90072: User account '[Moderator note: Personally Identifiable Information removed]  @icloud.com' from identity provider 'live.com' does not exist in tenant 'Asda Stores Limited' and cannot access the application 'http://www.workday.com/prod'(Workday) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account

Microsoft 365 and Office | Subscription, account, billing | For business | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rin-L 21,360 Reputation points Microsoft External Staff Moderator
    2026-05-29T08:36:33.35+00:00

    Hi @Kelsey Hillton

    I’m really glad to help you look into this. 

    From what you shared, the error AADSTS90072 usually means the account you’re trying to sign in with isn’t recognized within the Asda Stores Limited tenant. In other words, the system doesn’t see your account as part of that organization, so it won’t allow access to the Workday app. 

    It looks like the account you used hasn’t been set up in their environment yet. Because of that, Microsoft Entra ID is blocking the sign-in attempt. 

    The best way forward here would be to reach out to the IT admin or support team at Asda, since they’re the ones who have the necessary administrative access to manage user accounts in their tenant. They’ll be able to either provide you with the correct work account to sign in with, or help invite your current account as a guest or external user. Once that’s been set up, just sign out and sign back in again, and it should work as expected.

    User's image

    I hope this helps you get a clearer direction on what’s going on and where to go next.

    If anything is still unclear or you run into something else, feel free to come back and share more details, I am always here to support you. 

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.  

    Was this answer helpful?

  2. AI answer

    2026-05-29T07:37:46.52+00:00

    The error means the iCloud account from identity provider live.com is not recognized as a user in the Microsoft Entra tenant Asda Stores Limited, so it cannot access the Workday application in that tenant.

    There are two common ways to resolve this, depending on what is intended:

    1. The iCloud (personal Microsoft) account is supposed to be used as a guest in Asda’s tenant
      • The Asda tenant admin must invite the @icloud.com account as a guest user into the Asda Stores Limited Entra ID tenant.
      • After the invitation is accepted, the admin must ensure that this guest user is assigned access/permissions to the Workday application.
      • Then sign out of all Microsoft sessions, open a new private/incognito browser window, and sign in again using the invited @icloud.com account.
    2. The account used is wrong for this tenant/application
      • Workday for Asda is likely intended to be accessed with an organizational account from the Asda Stores Limited tenant, not a personal @icloud.com account.
      • Sign out of all Microsoft sessions in the browser.
      • Open a new in-private/incognito browser session.
      • Sign in again using the correct Asda work account (for example, the corporate email address provided by Asda) instead of the @icloud.com account.

    If the application is configured as multitenant and should accept personal Microsoft accounts, the app’s sign-in URL/authority must match the supported account type:

    • For multitenant and personal accounts: https://login.microsoftonline.com/common
    • For personal accounts only: https://login.microsoftonline.com/consumers

    If the app is currently using a tenant-specific authority such as https://login.microsoftonline.com/AsdaTenantID, users from other organizations or personal accounts will not be able to sign in unless they are added as guests in that tenant.

    In summary, either the @icloud.com account must be invited as a guest and granted access, or the correct Asda organizational account must be used, and sign-in should be retried from a clean/private browser session.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.