This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 16%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOM%3C/text%3E%3C/svg%3E)
Hello,
I am trying to integrate sign-in with Azure-ad using Next Auth. I followed all of the instructions in https://next-auth.js.org/providers/azure-ad and created a new application with the signInAudience set to AzureADandPersonalMicrosoftAccount. However, I am getting the following error when I try to login with my personal Microsoft account:
AADSTS50020: User account 'example@example.com' from identity provider 'live.com' does not exist in tenant 'Default Directory' and cannot access the application '123ba67-123a-1b34-1a34-123abc456'(example) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
I have looked at the Microsoft documentation on this issue https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts50020-user-account-identity-provider-does-not-exist but none of the solutions mentioned in the article fixed this issue.
Any ideas on what I could be missing here?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 13%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBB%3C/text%3E%3C/svg%3E)
Hello Oliver Moscow
Thank you for contacting the Microsoft community Q&A support.
You are experiencing this issue because the user account you are trying to authenticate with doesn't exist in the tenant where you created the application.
From the error above, you are trying to authenticate with a personal account (live account) that doesn't exist in the tenant. You have to invite the user account to the tenant where you created the app registration by inviting the user account as a guest.
Follow this link for more information https://learn.microsoft.com/en-us/entra/external-id/b2b-quickstart-add-guest-users-portal
You can create a work account in the tenant and authenticate with this user.
Let me know if further assistance is needed.
Babafemi
Hey Babafemi,
Thanks for your answer. I am aware that I can invite users but I would like to allow anyone with a Microsoft account to login to my app without having to invite them to the tenant first. Is this possible?
Hello Babafemi,
Thanks for your answer. I am aware that I can invite external users but I would like to allow anyone with a Microsoft account to login to my web app. Is this possible?
Hello Oliver,
Thank you for the clarification. Let me explain how this works.
Creating your application in the Azure tenant will only allow users who have access to your organization (either by creation or by invitation) to access your application. This is because this application has been created within your Organization and only members of your organization will have access to the application.
Based on your explanation, you want to allow users to be able to authenticate to the application without being a member of the organization. Then, you have to leverage Azure B2C for authentication purposes. Azure B2C is a Business-to-consumer technology that allows consumer users to access your applications without the need to be part of the organization.
Follow this link below for more information
https://learn.microsoft.com/en-us/azure/active-directory-b2c/overview
Below is the process you need to go through to achieve this setup
Please note that there are different options: the built-in and the custom. The Built-in option should be enough for your scenario.
NB: To use this, you need to create a different tenant (the B2C tenant) which is different from the regular Azure tenant.
Let me know if further assistance is needed.
Babafemi
Hey,
Thanks, I set up a B2C tenant and user flow that seems to be working... However, I cannot figure out how to integrate this with next auth.
https://next-auth.js.org/providers/azure-ad
Is there a way to set up my app registration so that it redirects to the next auth endpoint https://yourapplication.com/api/auth/callback/azure-ad rather than https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp?
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Hello Oliver,
Since you are currently leveraging Azure B2C for this authentication based on your scenario, take a look at this documentation on how to go about this. https://next-auth.js.org/providers/azure-ad-b2c
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Oliver Moscow have you set your reply URL to https://yourapplication.com/api/auth/callback/azure-ad in your app registration?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 97%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
Bom dia Prezado.
No meu caso, o usuario faz parte do locatorio, mais ainda assim enfrento este erro.
Pois eu consigo realizar o login via OneDrive online, mais na APP OneDrive, recentemente parou de sincronizar as pastas e aí pediu para que eu fizesse novamente o login, mais ao tentar efetuar o login apresenta este erro aadsts50020 onedrive.
ATt,