Fix Error AADSTS50020 when logged in user doesn't have permissions to selected Application.
Currently, if the logged-in user doesn't exist in the Tenant Directory for a given application, the user is shown a very unhelpful page with the following:
Sorry, but we’re having trouble signing you in.
We received a bad request.
The debug error is:
AADSTS50020: User account 'some email address' from external identity provider 'https://sts.windows.net/someguid/' is not supported for application 'https://someappurl'. The account needs to be added as an external user in the tenant. Please sign out and sign in again with an Azure Active Directory user account.
When trying to give assistance in Quick Assist, this error was appearing.
The login was a Skype login, and the error message displayed the associated email address (on our own domain, not an MS related / controlled domain).
Simply logging out and forgetting the login did not cure the error, however:
The domain in the identity provider of the error was live.com. By going to that domain in a web browser, and logging in using the failing login (again the Skype ID as the username, not the associated email address), it appears to have created the linked database elements to make logging in successfully on Quick Assist possible again.
This error is typical of Microsoft's ability to make something harder than it needs to be, as anyone who has compared and contrasted an error while writing C# in VS, and a stack trace in something like Python, will definitely recognise.
Your mileage may vary, but hopefully it will stop someone from losing their hair early.
Anyone find a solution? I’m having the same issue when trying to run the Visio add-in for Excel.
Been experiencing this problem too, any help fixing it would be greatly appreciated. I'm unable to finish the online training for my job because of this.
I have this problem too when trying to sign in to Microsoft Whiteboard! PLEASE FIX THIS!!!!
Mandikro Islam commented
Please fix this, it's so dumb.
Ditto, I get the same message....
Very unhelpful error and no fix anywhere :(
@luis B all the way. This used to work for us - our guests would click a direct sign-on link, be asked for permission to share information to our tenant, and then they would SSO. Now, they click the link and it says their account does not exist in our tenant (the account does exist). The sign on link has not changed. This was working up to about one month ago.
Microsoft is a bloody joke. Fix this.
This issue is causing big problems with my clients. We need a solution soon.
I am also facing the same issue. Please help me resolve this issue.
Michaeldominic45@mail.com is account pls help me out
I have a problem with my account, plz help.
Getting the same, what do I need to do? Just created the premium trial and so far not looking good. Need to test the Azure AD capabilities for SSO usage with API and need to confirm it can be taken as part of the infrastructure.
Nawaz Shareef commented
I am also facing the same issue.
When I log in to AAD and try to do anything, I get this notification error and there seems to be no solution to it.
See the image.
I am kind of stuck on this.
Any help regarding the mentioned error will be appreciated.
I would never use Microsoft for any project. Trying to create a project and this time, Wunderlist made the mistake of affiliating itself with their tech, here is the result that led me here: http://prntscr.com/o29fj2
I even put a masked email, that's how much I trust them.
Billie Maitland commented
When I was asked which state I lived in, it would not accept Tennessee. So therefore I can't continue. Billie Maitland. 11741 Hwy22 Martin Tn. 38237