How to Fix AADSTS90072: User account does not exist in tenant

Error message

AADSTS90072: User account '<user>' from identity provider '<idp>' does not exist in tenant '<tenant>' and cannot access the application.

If you're seeing "AADSTS90072: User account does not exist in tenant", you're not alone. Here's what it means, why it happens, and the steps to resolve it.

Ad placeholder · slot error-mid

What this error means

The user successfully authenticated to their home tenant, but the app they're trying to access lives in a different tenant where they have no account or guest invitation.

Why this happens

Most often this is a multi-tenant or B2B scenario where the guest hasn't been invited (or hasn't redeemed their invite), or the user is signing in to the wrong tenant URL.

Step-by-step fix

Confirm which tenant the app expects sign-ins for (the tenant ID in the authority URL).
2
If the user should be a guest, invite them via Entra → Identity → External Identities → All users → Invite external user.
command
```
New-MgInvitation -InvitedUserEmailAddress 'guest@partner.com' -InviteRedirectUrl 'https://your-app/' -SendInvitationMessage:$true
```
Have the guest open the invitation email and complete the redemption flow before retrying sign-in.
If the app is intended to be multi-tenant, set its 'Supported account types' to 'Accounts in any organizational directory' in the app registration.

Affected products

Entra ID

Still broken? Try these

Check if Cross-tenant access settings on either side block the partner tenant.
Ensure the user is signing in with their work account, not a personal Microsoft account.
If using B2B Direct Connect (e.g. shared channels), confirm both tenants opted in.

Ad placeholder · slot error-bottom

Related errors

Frequently asked questions

What does "AADSTS90072: User account does not exist in tenant" mean?

The user successfully authenticated to their home tenant, but the app they're trying to access lives in a different tenant where they have no account or guest invitation.

What causes "AADSTS90072: User account does not exist in tenant"?

Most often this is a multi-tenant or B2B scenario where the guest hasn't been invited (or hasn't redeemed their invite), or the user is signing in to the wrong tenant URL.

How do I fix "AADSTS90072: User account does not exist in tenant"?

1. Confirm which tenant the app expects sign-ins for (the tenant ID in the authority URL). 2. If the user should be a guest, invite them via Entra → Identity → External Identities → All users → Invite external user. 3. Have the guest open the invitation email and complete the redemption flow before retrying sign-in. 4. If the app is intended to be multi-tenant, set its 'Supported account types' to 'Accounts in any organizational directory' in the app registration. Always test changes in a non-production environment first.

Browse more errors in Entra ID: Fix Microsoft Entra ID (Azure AD) errors. AADSTS error codes, admin consent, app role assignment, Conditional Access, and user lookup problems. Or paste your own error into the error decoder tool to find a match. You can also go back to the homepage to browse common errors by topic.