How can we improve Azure Active Directory?

← Azure Active Directory

Fix Error AADSTS50020 when logged in user doesn't have permissions to selected Application.

Currently if the logged in users doesnt exist in the Tenant Directory for a given application. The user is shown a very unhelpful page with the following:

Sorry, but we’re having trouble signing you in.
We received a bad request.

The debug error is :
AADSTS50020: User account 'some email address' from external identity provider 'https://sts.windows.net/someguid/' is not supported for application 'https://someappurl'. The account needs to be added as an external user in the tenant. Please sign out and sign in again with an Azure Active Directory user account.

165 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

51 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Annoyed commented  ·   ·  Flag as inappropriate

    When trying to give assistance in Quick Assist, this error was appearing.

    The login was a Skype login, and the error message displayed the associated email address (on our own domain, not an MS related / controlled domain).

    Simply logging out and forgetting the login did not cure the error, however:

    The domain in the identity provider of the error was live.com. By going to that domain in a web browser, and logging in using the failing login (again the Skype ID as the username, not the associated email address), it appears to have created the linked database elements to make logging in successfully on Quick Assist possible again.

    This error is typical of Microsoft's ability to make something harder than it needs to be, as anyone who has compared and contrasted an error while writing C# in VS, and a stack trace in something like Python, will definitely recognise.

    Your mileage may vary, but hopefully it will stop someone from losing their hair early.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Anyone find solution. I’m having the same issue when trying to run the Visio add-in for Excel.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Been experiencing this problem too, any help fixing t would be greatly appreciated. I'm unable to finish the online training for my job because of this.

  • Willem commented  ·   ·  Flag as inappropriate

    I have this problem to when trying to sign in to Microsoft Whiteboard! PLEASE FIX THIS!!!!

  • Tyler commented  ·   ·  Flag as inappropriate

    @luis B all the way. This used to work for us - our guests would click a direct sign-on link, be asked for permission to share information to our tenant, and then they would SSO. Now, they click the link and it says their account does not exist in our tenant (the account does exist). The sign on link has not changed. This was working up to about one month ago.

  • Brandon commented  ·   ·  Flag as inappropriate

    This issue is causing big problems with my clients. We need a solution soon.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Getting the same, what i need to do? just created the premium trail and so far not looking good, need to test the Azure AD capabilities for SSO usage with API and need to confirm it can be taken as part of the infrastructure

  • Nawaz Shareef commented  ·   ·  Flag as inappropriate

    i am also facing the same issue
    when i log in AAD and try to do anything i get this notification error and there seems to be no solution to it.
    see the image.
    I am kind of stuck in this .
    any help regarding the mentioned error will be appreciated.
    Thanks

  • erez commented  ·   ·  Flag as inappropriate

    I would never use microsoft for any project. Trying to create a project and this time, Wunderlist made the mistake of affiliating itself with their tech, here is the result that led me here: http://prntscr.com/o29fj2

    I even put a masked email, that's how much I trust them.

  • Billie Maitland commented  ·   ·  Flag as inappropriate

    When i was asked which state i lived in , it would not accept Tennessee. So therefore i cant continue. Billie Maitland. 11741 Hwy22 Martin Tn. 38237

← Previous 1 3

Azure Active Directory: End user experiences

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice