AADSTS50020: User from Identity Provider does not exist in Tenant

Posted on Christian By Christian No Comments on AADSTS50020: User from Identity Provider does not exist in Tenant
AADSTS50020_ User from Identity Provider does not exist in Tenant

In this article, we shall discuss how to fix “AADSTS50020: User from Identity Provider does not exist in Tenant”. The error code AADSTS50020 gets returned if a user/guest user from an identity provider (IdP) can’t sign in to a resource tenant in Microsoft Entra ID. Microsoft has documented different use-cases which might be relevant to you. Please see “How to add and verify a custom domain name to Azure Active Directory“, and how to Move Azure Resources between Subscriptions.

As mentioned in the use-case above, none of these errors are applicable to me as I was using the default user account created for Entra ID <tenantname>.onmicrosoft.com. I also, tried using a user account associated with the custom domain as shown below. Yet, it did not work.

AADSTS50020 User account

Also, see Delete Azure Tenant: Remove Custom Domain from Entra ID, “Microsoft Azure Active Directory: How to setup Azure AD Tenant“, and “How to implement Interactive Authentication using MSAL dotNET“.

Root Issue for AADSTS50020: User from Identity Provider does not exist in Tenant

Cookies can affect authentication processes, including the error AADSTS50020: User from Identity Provider does not exist in Tenant. But might not be the cause for you as it are not the primary cause of this error.

Please see the link shared above from Microsoft for more information. Below are primary cause of the error (AADSTS50020)

  • A user is attempting to sign in to an Azure AD application or service but is not a member of the specified Azure AD tenant.
  • The application is configured for single-tenant use, but the user is from a different tenant (e.g., external users).
  • Misconfigured Identity Provider (IdP) settings or incorrect tenant configurations in the Azure AD application.

Resolution

Since cookies store session information and identity tokens during authentication, it can lead to Cross-Tenant Confusion.

If you have logged in to multiple Azure tenants or used multiple accounts in the same browser session, cookies might cause the browser to use an incorrect account or session, leading to the error due to cached session tokens.

To fix this, I will have to clear my browsing data as shown below.

clear cookies

Since I am on Chrome, I will select the time rang. I will also ensure the tab for cookies and other site data is selected.

delete cookies
Clear cookies and cache from the browser to remove stale session tokens and ensure a fresh authentication process

Initiate the sign-in process again. Then the error “AADSTS50020: User from Identity Provider does not exist in Tenant” will be gone.

Access Azure Portal

I hope you found this article useful on “AADSTS50020: User from Identity Provider does not exist in Tenant”. Please feel free to leave a comment below.

5/5 - (1 vote)
AWS/Azure/OpenShift Tags:, ,

Related Posts

More Related Articles

Webp.net resizeimage 4 Create a Service Fabric Cluster using the Azure Stack Hub portal and the CLI AWS/Azure/OpenShift
oauth2final How to implement Interactive Authentication using MSAL dotNET AWS/Azure/OpenShift
add subheading 5 4 Access EC2 Linux Instance via the Password AWS/Azure/OpenShift
Deploy static website to azure blog storage Deploy a Static Website to Azure Storage from VSCode AWS/Azure/OpenShift
keyvault How To Use Azure Key Vault Secrets in Azure Pipelines AWS/Azure/OpenShift
ADO Self hosted agent How to Create Self-Hosted Agent for Azure DevOps Pipelines Automation

Leave a Reply