AADSTS50020: User from Identity Provider does not exist in Tenant

In this article, we shall discuss how to fix “AADSTS50020: User from Identity Provider does not exist in Tenant”. The error code AADSTS50020 gets returned if a user/guest user from an identity provider (IdP) can’t sign in to a resource tenant in Microsoft Entra ID. Microsoft has documented different use-cases which might be relevant to you. Please see “How to add and verify a custom domain name to Azure Active Directory“, and how to Move Azure Resources between Subscriptions.
As mentioned in the use-cases above, none of these errors were applicable to me, as I was using the default user account created for Entra ID, <tenantname>.onmicrosoft.com. I also tried using a user account associated with the custom domain, as shown below. Yet, it did not work.

Also, see Delete Azure Tenant: Remove Custom Domain from Entra ID, “Microsoft Azure Active Directory: How to setup Azure AD Tenant“, and “How to implement Interactive Authentication using MSAL dotNET“.
Root Issue for AADSTS50020: User from Identity Provider does not exist in Tenant
Cookies can affect authentication processes and can produce the error AADSTS50020: User from Identity Provider does not exist in Tenant. However, they might not be the cause in your case, because they are not the primary cause of this error.
Please see the link shared above from Microsoft for more information. Below are the primary causes of the error (AADSTS50020):
- A user is attempting to sign in to an Azure AD application or service but is not a member of the specified Azure AD tenant.
- The application is configured for single-tenant use, but the user is from a different tenant (e.g., external users).
- Misconfigured Identity Provider (IdP) settings or incorrect tenant configurations in the Azure AD application.
Resolution
Since cookies store session information and identity tokens during authentication, they can lead to cross-tenant confusion.
If you have logged in to multiple Azure tenants or used multiple accounts in the same browser session, cookies might cause the browser to use an incorrect account or session, leading to the error because of cached session tokens.
To fix this, I will have to clear my browsing data as shown below.

Since I am on Chrome, I will select the time range. I will also ensure the option for cookies and other site data is selected.

Initiate the sign-in process again. Then the error “AADSTS50020: User from Identity Provider does not exist in Tenant” will be gone.
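Before clearing anything, the error_description text itself tells you which account and which tenant the browser actually used, which is enough to separate a stale-session problem from a genuine membership problem. The following Python helper is added here as an example and is not part of the original article: it parses an AADSTS50020 message and compares the account and tenant it names against the ones you intended to use. The message wording is assumed from Microsoft's documented text, and the sample user, tenant names and GUID are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Matches the standard error_description Entra ID returns with AADSTS50020.
# The wording is assumed from Microsoft's documented message; only the three
# quoted values are relied on, so small wording changes do not break it.
AADSTS50020_RE = re.compile(
    r"AADSTS50020: User account '(?P<user>[^']+)' from identity provider "
    r"'(?P<idp>[^']+)' does not exist in tenant '(?P<tenant>[^']+)'"
)
GUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

@dataclass
class SignInFailure:
    user: str                      # account the browser actually presented
    idp: str                       # issuer URL of that account's home tenant
    tenant: str                    # resource tenant the sign-in was sent to
    home_tenant_id: Optional[str]  # GUID taken from the issuer URL, if present

def parse_aadsts50020(error_description: str) -> Optional[SignInFailure]:
    """Return the quoted fields of an AADSTS50020 message, or None for any other error."""
    m = AADSTS50020_RE.search(error_description)
    if m is None:
        return None
    guid = GUID_RE.search(m.group("idp"))
    return SignInFailure(m.group("user"), m.group("idp"), m.group("tenant"),
                         guid.group(0).lower() if guid else None)

def diagnose(error_description: str, expected_user: str, expected_tenant: str) -> str:
    """Compare what the error says happened with what the person meant to do.

    'cached-session': a different account or tenant was used than intended, so the
                      browser reused stale cookies; clear cookies and site data.
    'not-in-tenant':  the intended account reached the intended tenant and really is
                      not a member (guest invitation, single-tenant app, IdP config).
    'other-error':    the text is not an AADSTS50020 message.
    """
    f = parse_aadsts50020(error_description)
    if f is None:
        return "other-error"
    if f.user.lower() != expected_user.lower() or f.tenant.lower() != expected_tenant.lower():
        return "cached-session"
    return "not-in-tenant"

# Constructed sample message; the user, GUID and tenant names are placeholders.
SAMPLE = ("AADSTS50020: User account 'admin@contoso.onmicrosoft.com' from identity provider "
          "'https://sts.windows.net/11111111-1111-1111-1111-111111111111/' does not exist in "
          "tenant 'fabrikam' and cannot access the application 'Azure Portal' in that tenant.")
```

Calling `diagnose(SAMPLE, "admin@contoso.onmicrosoft.com", "contoso")` returns `"cached-session"`, because the sign-in was sent to fabrikam rather than the intended contoso tenant; passing `"fabrikam"` as the expected tenant instead returns `"not-in-tenant"`.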

I hope you found this article useful on “AADSTS50020: User from Identity Provider does not exist in Tenant”. Please feel free to leave a comment below.