Reputation: 2420
AADSTS50020: User account 'my@email' from identity provider 'https://sts.windows.net/783c0fcf-4d70-4426-9bbc-1e83f8b865b2/' does not exist in tenant 'Default Directory' and cannot access the application '872cd9fa-d31f-45e0-9eab-6e460a02d1f1'(Visual Studio). I am logging in with an account (mine) that is a Global Administrator and owner of that Azure organization. How can I not be authorized? This makes zero sense -__- As a test, I invited my other email (on a different domain) as an external guest, and the login worked for that account. So I can log in as a guest but not as an owner.
Upvotes: 0
Views: 1831
Reputation: 10859
There may be relatively few possible causes for this error.
Possible cause 1
Please check whether you might already have an active session that uses a different (personal) account than the one that's intended to be used, where you are admin. Or it may be meant for a guest user account.
To see if the above is the reason, look for the User account and Identity provider values in the error message. Check if those values match the expected combination.
See if the sign-in is done by using an organization account to your tenant instead of the home tenant, or if the login is by using a different personal account than the one that is needed.
Resolution
To resolve this issue, please sign out from the active session, then sign in again from a different browser or a private browser session.
Cause 2
Also, you may have set Supported account types to Multiple organizations, but your authentication call is for a specific tenant, i.e., https://login.microsoftonline.com/<tenant name or id>. In that case, users from other organizations will not be able to access the application, and those users are required to be added as guests in the tenant specified in the request. Maybe this seems to be the reason, as the guest account is signed in.
Resolution
So for multiple organizations, the authentication request should use either common or organizations, e.g.: https://login.microsoftonline.com/`organizations` or https://login.microsoftonline.com/`common`
Also check "Error AADSTS50020 - User account from identity provider does not exist in tenant - Active Directory | Microsoft Docs" to troubleshoot other cases.
Upvotes: 1
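The two checks from the answer above, written out as an added example (not part of the original posts and not Microsoft's code): it parses the AADSTS50020 text, compares the identity provider to the tenant you expected, and flags a tenant-specific authority. `diagnose`, its result codes and `PLACEHOLDER_TENANT` are hypothetical names; the placeholder tenant id is constructed.

```python
import re
from urllib.parse import urlparse

# Shape of the AADSTS50020 message quoted in the question above.
ERROR_RE = re.compile(
    r"AADSTS50020: User account '(?P<user>[^']*)' from identity provider "
    r"'(?P<idp>[^']*)' does not exist in tenant '(?P<tenant>[^']*)' "
    r"and cannot access the application '(?P<app>[^']*)'"
)
GUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
MULTI_TENANT_SEGMENTS = {"common", "organizations"}  # endpoints named in the answer

# Error text from the question; the expected tenant id is a constructed placeholder.
SAMPLE_ERROR = (
    "AADSTS50020: User account 'my@email' from identity provider "
    "'https://sts.windows.net/783c0fcf-4d70-4426-9bbc-1e83f8b865b2/' does not exist in "
    "tenant 'Default Directory' and cannot access the application "
    "'872cd9fa-d31f-45e0-9eab-6e460a02d1f1'(Visual Studio)."
)
PLACEHOLDER_TENANT = "00000000-0000-0000-0000-000000000000"


def parse_error(message):
    """Extract user, identity provider, tenant name and app id from the error."""
    m = ERROR_RE.search(message)
    if m is None:
        raise ValueError("not an AADSTS50020 message")
    fields = m.groupdict()
    guid = GUID_RE.search(fields["idp"])
    # Issuers of the form https://sts.windows.net/<guid>/ carry a tenant id.
    fields["idp_tenant_id"] = guid.group(0).lower() if guid else None
    return fields


def authority_segment(authority_url):
    """First path segment of the authority: tenant id, tenant name, common, ..."""
    path = urlparse(authority_url).path.strip("/")
    return path.split("/")[0].lower() if path else ""


def diagnose(message, authority_url, expected_tenant_id):
    """Return codes for the two causes discussed in the answer."""
    err = parse_error(message)
    findings = []
    # Cause 1: the session's account comes from a different identity provider.
    if err["idp_tenant_id"] != expected_tenant_id.lower():
        findings.append("account-from-other-identity-provider")
    # Cause 2: tenant-specific authority, so outside accounts must be guests.
    if authority_segment(authority_url) not in MULTI_TENANT_SEGMENTS:
        findings.append("tenant-specific-authority")
    return findings
```

Pass the exact authority URL your client is configured with and the tenant id of the directory you intended to sign in to; an empty list means neither of the two causes applies.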