How can we improve Azure Active Directory?

← Azure Active Directory

Fix Error AADSTS50020 when logged in user doesn't have permissions to selected Application.

Currently if the logged in users doesnt exist in the Tenant Directory for a given application. The user is shown a very unhelpful page with the following:

Sorry, but we’re having trouble signing you in.
We received a bad request.

The debug error is :
AADSTS50020: User account 'some email address' from external identity provider 'https://sts.windows.net/someguid/' is not supported for application 'https://someappurl'. The account needs to be added as an external user in the tenant. Please sign out and sign in again with an Azure Active Directory user account.

183 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

57 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Matthew commented  ·   ·  Flag as inappropriate

    Not sure if this helps with this particular issue but I think it might be related. What I had was two accounts listed under the 'Accounts used by other apps' under the 'Email and accounts' settings, one of which was a Google account somehow. Since I could delete it directly there, I went to 'Access work or school' under 'Accounts' and disconnected the Google account. Then everything was able to work again. Hope that helps someone.

  • Imran commented  ·   ·  Flag as inappropriate

    Did anyone get the solution for this issue? I keep getting the issue whenever I restart my computer.

  • Michael commented  ·   ·  Flag as inappropriate

    I can give some information at least for the person who asked for the visio add-in. I had the same problem. I have an office 365 home subscription and I could not log into the visio add-in. What I learned from MS support is that the visio add-in doesn't work with a home subscription of office. You need a business license which is registered with an azure account. Therefore there is no solution. The only solution is to subscribe for a business license of office 365. To clarify you can still use the visio add-in without logging in but you only get the full functionality if you sign in.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Same error here please fix. It's just ridiculous that people using microsoft in one company are not able to use an other companys application which are also using microsoft.

  • Nikhil commented  ·   ·  Flag as inappropriate

    For those who are still getting this error, app requesting login should use v2 endpoints oauth2/v2.0/authorize and oauth2/v2.0/token.

  • Annoyed commented  ·   ·  Flag as inappropriate

    When trying to give assistance in Quick Assist, this error was appearing.

    The login was a Skype login, and the error message displayed the associated email address (on our own domain, not an MS related / controlled domain).

    Simply logging out and forgetting the login did not cure the error, however:

    The domain in the identity provider of the error was live.com. By going to that domain in a web browser, and logging in using the failing login (again the Skype ID as the username, not the associated email address), it appears to have created the linked database elements to make logging in successfully on Quick Assist possible again.

    This error is typical of Microsoft's ability to make something harder than it needs to be, as anyone who has compared and contrasted an error while writing C# in VS, and a stack trace in something like Python, will definitely recognise.

    Your mileage may vary, but hopefully it will stop someone from losing their hair early.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Anyone find solution. I’m having the same issue when trying to run the Visio add-in for Excel.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Been experiencing this problem too, any help fixing t would be greatly appreciated. I'm unable to finish the online training for my job because of this.

  • Willem commented  ·   ·  Flag as inappropriate

    I have this problem to when trying to sign in to Microsoft Whiteboard! PLEASE FIX THIS!!!!

  • Tyler commented  ·   ·  Flag as inappropriate

    @luis B all the way. This used to work for us - our guests would click a direct sign-on link, be asked for permission to share information to our tenant, and then they would SSO. Now, they click the link and it says their account does not exist in our tenant (the account does exist). The sign on link has not changed. This was working up to about one month ago.

  • Brandon commented  ·   ·  Flag as inappropriate

    This issue is causing big problems with my clients. We need a solution soon.

← Previous 1 3

Azure Active Directory: End user experiences

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice