Step-by-Step Guide to Resolve AADSTS50020
The AADSTS50020 error occurs when a user account from an identity provider does not exist in the target Azure AD tenant. This guide explains the causes and how to resolve it.
What is the AADSTS50020 Error?
This error happens when a guest user attempts to access an Azure AD resource, but their account is not registered in the tenant.
Typical Error Message
> AADSTS50020: User account '[email protected]' from identity provider {IdP} does not exist in tenant {TenantName}.
Tenant Logs Example
> User account {email} from identity provider {idp} does not exist in tenant {tenant} and cannot access application {appId} ({appName}).
Steps to Fix the Error
1. Update App Registration Manifest
Go to Azure Portal → App registrations → Select your app → Manifest. Update the signInAudience property to one of the following:
- AzureADandPersonalMicrosoftAccount
- AzureADMultipleOrgs
- PersonalMicrosoftAccount
2. Use the Correct Sign-in URL
Depending on your app type:
- Multitenant apps: https://login.microsoftonline.com/organizations
- Multitenant + Personal accounts: https://login.microsoftonline.com/common
- Personal accounts only: https://login.microsoftonline.com/consumers
3. Sign Out and Retry
Sign out from all sessions and sign in using the correct credentials. Use an incognito/private browser window to avoid cached session conflicts.
4. Invite the Guest User
Ensure the guest account is added to the target tenant to grant proper access.
5. Assign Access in Enterprise Applications
Some enterprise apps require explicit user assignment. Check the app’s settings and assign the user if needed.
6. Use Tenant-Specific Endpoints
For Resource Owner Password Credentials (ROPC) flows, use tenant-specific endpoints. Personal accounts cannot authenticate via ROPC.
7. Reset Redemption Status
If the guest account was deleted and re-added, reset the redemption status to resolve access issues.
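As an added example (not code from the original article), the following Python script parses the tenant-log form of AADSTS50020 shown above and checks whether the sign-in URL an app uses matches its manifest's signInAudience, then points at the step to try first. The sample log line and app identifiers are constructed; AzureADMyOrg is the single-tenant audience value, which the article does not list.

```python
import re
from typing import Optional

# Authority (sign-in URL) that accepts each signInAudience value (steps 1 and 2).
# AzureADMyOrg (single tenant) is not in the article; it is included for completeness.
AUTHORITY_FOR_AUDIENCE = {
    "AzureADMyOrg": "https://login.microsoftonline.com/{tenant}",
    "AzureADMultipleOrgs": "https://login.microsoftonline.com/organizations",
    "AzureADandPersonalMicrosoftAccount": "https://login.microsoftonline.com/common",
    "PersonalMicrosoftAccount": "https://login.microsoftonline.com/consumers",
}

# Matches the article's tenant-log format; quotes around values are optional.
LOG_RE = re.compile(
    r"User account '?(?P<user>[^' ]+)'? from identity provider '?(?P<idp>[^' ]+)'? "
    r"does not exist in tenant '?(?P<tenant>[^' ]+)'?"
    r"(?: and cannot access application '?(?P<app_id>[^' ]+)'? \((?P<app_name>[^)]*)\))?"
)

def parse_aadsts50020(line: str) -> Optional[dict]:
    """Return user, idp, tenant and app fields from a log line, or None if it is unrelated."""
    if "AADSTS50020" not in line and "does not exist in tenant" not in line:
        return None
    m = LOG_RE.search(line)
    return m.groupdict() if m else None

def expected_authority(sign_in_audience: str, tenant: str) -> str:
    """Sign-in URL that matches the app manifest's signInAudience."""
    return AUTHORITY_FOR_AUDIENCE[sign_in_audience].format(tenant=tenant)

def recommend(event: dict, sign_in_audience: str, authority_used: str) -> str:
    """Map a parsed event plus the app's settings to the remediation step to try first."""
    wanted = expected_authority(sign_in_audience, event["tenant"])
    if authority_used.rstrip("/") != wanted:
        return f"Step 2: use {wanted} instead of {authority_used}"
    if sign_in_audience == "AzureADMyOrg":
        # Single-tenant app: the external account must exist as a guest in this tenant.
        return f"Step 4: invite {event['user']} as a guest in tenant {event['tenant']}"
    return "Step 3: sign out and retry in a private window; then check steps 5-7"

# Constructed sample line in the article's tenant-log format (not real data).
SAMPLE = ("User account alice@fabrikam.example from identity provider "
          "https://sts.windows.net/fabrikam-tenant-id does not exist in tenant "
          "contoso-tenant-id and cannot access application "
          "11111111-2222-3333-4444-555555555555 (Payroll Portal).")

if __name__ == "__main__":
    event = parse_aadsts50020(SAMPLE)
    print(event)
    print(recommend(event, "AzureADMyOrg", "https://login.microsoftonline.com/contoso-tenant-id"))
```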
| Step | Action |
|---|---|
| 1 | Update app registration manifest signInAudience |
| 2 | Use correct sign-in URL for account type |
| 3 | Sign out and retry in private session |
| 4 | Invite guest user to tenant |
| 5 | Assign users in enterprise apps |
| 6 | Use tenant-specific endpoints for ROPC |
| 7 | Reset redemption status of guest accounts |
"Resolving the AADSTS50020 error ensures seamless guest user access across Azure AD tenants."
By following these steps, administrators can quickly resolve the AADSTS50020 error and enable proper guest access.
Tips: Always verify the domain, endpoint URLs, and guest accounts when troubleshooting Azure AD login issues.