New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Message: AADSTS50020: User account from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '2793995e-0a7d-40d7-bd35-6968ba142197'(My Apps) in that tenant. #57031
Comments
@ansred please link the document that you are following so that we can better assist. |
I'm having the same issue. It only occurs with guest users. When the guest user tries to access the myapps portal, you see the old UI appear for a second, then the guest user receives the "Pick an Account" screen again. When they pick the account, they receive: "Selected user account does not exist in tenant 'Microsoft Services' and cannot access the application '2793995e-0a7d-40d7-bd35-6968ba142197' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account." If they choose "User another account" the error "AADSTS50020: User account '' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '2793995e-0a7d-40d7-bd35-6968ba142197'(My Apps) in that tenant. The account needs to be added as an external user in the tenant first" appears." |
That sound like exactly what I am facing. Have you figured out the steps/KB to use to get that user added as external in the tenant? @MarileeTurscak-MSFT I am looking for a KB still to fix that issue as I asked above, please share one. Thanks |
@ansred I have not figured out the solution yet, but I have ticket open with support. To me, it seems like a Microsoft backend issue thats out of our control. I can access the classic UI fine, as well as my app proxied appilcations both from the UI and direct external URL. This tells me that my guest user is fine. Once I click the "try it" button, I'm asked to pick my user again and then I receive the error. The thing that is really bad is that all guest users seem to be automatically taken to the new experience UI during their invite process. This obviously causes the error and stops them in their tracks. |
@jacksiergiej I totally agree with you and this is a big issue. @MarileeTurscak-MSFT Please advise |
@ansred I just got word from a contact at MS that this is a bug and should now be resolved. However, a new issue has arisen where you're MFA'd each time you access the new experience. For instance, just logging into the portal, you'll be MFA'd twice (once for classic and then as it switches to the new experience, you'll be bounced out at MFA'd again.) If you leave the new experience and return to the Classic UI and then click "Try It" to return to the new experience, you're bounced out again and MFA'd. This should not be happening. "We had a bug introduced late last week which caused some B2B/guest accounts to not work correctly in the new My Apps. We fixed this bug on Monday (6/15), so users with guest accounts should now be able to click "Try it!" and access the new My Apps experience correctly." |
@ansred I heard back from the MyApps product team and the double MFA prompt issue is now bug#2. According to the team "They put in a bug fix request for this and expect to have the double-prompt issue resolved by the end of next week." |
@jacksiergiej that makes sense now, two bugs in one hit. Thanks |
Hi @jacksiergiej , can you please share the bug? I've been trying to track down the right team for this. |
I have reported this to my contacts as well! Will follow-up when I have a response. |
@MarileeTurscak-MSFT Sounds like a plan. Thanks for your help too. For now, I am only using the classic experience - https://account.activedirectory.windowsazure.com/ and not the new/modern https://myapplications.microsoft.com/ To avoid complains by the users. Looking forward to hearing from you soon. |
@ansred how do you stop the classic UI from automatically switching to the new experience? I tried to use https://account.activedirectory.windowsazure.com/, but as soon as I login, the portal automatically switches to the new experience and the URL changes to https://myapplications.microsoft.com/. |
It just works by going directly to either link mentioned. I am not sure if there is an option that is maybe forcing users on your end to use the modern UI? |
Any updates on your side? I can confirm the issue still persists. As a workaround for now, I am only using the classic experience - https://account.activedirectory.windowsazure.com and not the new/modern https://myapplications.microsoft.com |
Since MSA users do not have a home tenant, they will need to use the tenanted version of the url in order to log in to their correct guest tenant. The tenanted url is https://myapplications.microsoft.com/?tenant=<tenant_id> |
Greetings,
I have this issue I am facing when testing the new experience for MyApps in Azure Portal.
So when I am trying to login to the portal, using the classic UI, it works fine.
https://account.activedirectory.windowsazure.com/r#/applications
Here is a screenshot below to show you the successful login attempt.
However, when I am trying to use the experiences MyApps portal
https://myapplications.microsoft.com/
. It throws the following error:
Request Id: e3b964ed-44a5-4c32-a731-c8dc8b979b00 Correlation Id: 4d9e6ecb-4c6d-41c1-8ad6-28b8a39edb91 Timestamp: 2020-06-10T07:38:50Z Message: AADSTS50020: User account 'info@redmedia.org' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '2793995e-0a7d-40d7-bd35-6968ba142197'(My Apps) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
Note: When I tried using another user was created in Azure, it works fine for both new and classic UI.
Can someone please explain what it needs to be to give an access to the first user to the new UI portal?
Note: I have this enabled for All Domains.
https://docs.microsoft.com/en-us/azure/active-directory/b2b/delegate-invitations
Note: User Type:
User is having issue with the new UI.
Users are working fine with the new UI.
Thank you!
Anas
The text was updated successfully, but these errors were encountered: