AADSTS50020: User from Identity Provider does not exist in Tenant

Posted on Christian By Christian No Comments on AADSTS50020: User from Identity Provider does not exist in Tenant
AADSTS50020_ User from Identity Provider does not exist in Tenant

In this article, we shall discuss how to fix “AADSTS50020: User from Identity Provider does not exist in Tenant”. The error code AADSTS50020 gets returned if a user/guest user from an identity provider (IdP) can’t sign in to a resource tenant in Microsoft Entra ID. Microsoft has documented different use-cases which might be relevant to you. Please see “How to add and verify a custom domain name to Azure Active Directory“, and how to Move Azure Resources between Subscriptions.

As mentioned in the use-case above, none of these errors are applicable to me as I was using the default user account created for Entra ID <tenantname>.onmicrosoft.com. I also, tried using a user account associated with the custom domain as shown below. Yet, it did not work.

AADSTS50020 User account

Also, see Delete Azure Tenant: Remove Custom Domain from Entra ID, “Microsoft Azure Active Directory: How to setup Azure AD Tenant“, and “How to implement Interactive Authentication using MSAL dotNET“.

Root Issue for AADSTS50020: User from Identity Provider does not exist in Tenant

Cookies can affect authentication processes, including the error AADSTS50020: User from Identity Provider does not exist in Tenant. But might not be the cause for you as it are not the primary cause of this error.

Please see the link shared above from Microsoft for more information. Below are primary cause of the error (AADSTS50020)

  • A user is attempting to sign in to an Azure AD application or service but is not a member of the specified Azure AD tenant.
  • The application is configured for single-tenant use, but the user is from a different tenant (e.g., external users).
  • Misconfigured Identity Provider (IdP) settings or incorrect tenant configurations in the Azure AD application.

Resolution

Since cookies store session information and identity tokens during authentication, it can lead to Cross-Tenant Confusion.

If you have logged in to multiple Azure tenants or used multiple accounts in the same browser session, cookies might cause the browser to use an incorrect account or session, leading to the error due to cached session tokens.

To fix this, I will have to clear my browsing data as shown below.

clear cookies

Since I am on Chrome, I will select the time rang. I will also ensure the tab for cookies and other site data is selected.

delete cookies
Clear cookies and cache from the browser to remove stale session tokens and ensure a fresh authentication process

Initiate the sign-in process again. Then the error “AADSTS50020: User from Identity Provider does not exist in Tenant” will be gone.

Access Azure Portal

I hope you found this article useful on “AADSTS50020: User from Identity Provider does not exist in Tenant”. Please feel free to leave a comment below.

5/5 - (1 vote)
AWS/Azure/OpenShift Tags:, ,

Related Posts

More Related Articles

How to Manage Azure Virtual Machines with Windows Admin Center and Serial Console​ Manage Azure Virtual Machine with Windows Admin Center and Serial Console AWS/Azure/OpenShift
Deploy to ACI Create Azure Container instance to deploy your image to Azure using Azure CLI AWS/Azure/OpenShift
Webp.net resizeimage 5 How to Improve Website Response Using Traffic Manager AWS/Azure/OpenShift
Veeam Backup for Microsoft Azure Set up Veeam Backup for Microsoft Azure AWS/Azure/OpenShift
cloudqueryfeature How to Manage Cloud Assets in AWS with CloudQuery AWS/Azure/OpenShift
How to configure Azure container register with secured connection with container apps Configure Azure Container Registry for a secure connection with Azure Container Apps AWS/Azure/OpenShift

Leave a Reply