IT Error Decoder
Entra ID

How to Fix Entra ID sign-in error AADSTS50020

Last reviewed

Error message

AADSTS50020: User account from identity provider does not exist in tenant <tenant> and cannot access the application.

AADSTS50020 is the multi-tenant cousin of 50034. The sign-in succeeded somewhere — just not in the tenant the app expects.

What this error means

The user authenticated against their home identity provider, but the application's tenant doesn't have an account or guest invitation for them.

Why this happens

Most often a guest user who hasn't been invited, a multi-tenant app where the user's home tenant isn't allowed, or a federation misconfiguration.

Quick fix (for end users)

  • Have an admin invite the user as a guest in your tenant.
  • Make sure the user accepts the guest invitation email before retrying.

Admin / engineer fix

  • Send a B2B invitation.

    command
    New-MgInvitation -InvitedUserEmailAddress 'partner@example.com' -InviteRedirectUrl 'https://your-app/' -SendInvitationMessage:$true

  • Check Cross-tenant access settings in Entra → Identity → External Identities to make sure the partner tenant isn't blocked.

Step-by-step fix

  1. Confirm the app's expected tenant.

  2. Invite the user (or fix multi-tenant config).

  3. Have the user redeem the invitation, then sign in again.

Affected products

Microsoft Entra ID

Common variations of this error

People also see these phrasings of the same problem:

  • AADSTS50020: User from identity provider does not exist in tenant

Still broken? Try these

  • Verify the app's 'Supported account types' isn't set to 'Single tenant' if you intend cross-tenant use.
  • Check Cross-tenant access settings on both sides.

Related errors

Related searches

  • aadsts50020 guest user
  • entra b2b invitation

Frequently asked questions

What does "Entra ID sign-in error AADSTS50020" mean?

The user authenticated against their home identity provider, but the application's tenant doesn't have an account or guest invitation for them.

What causes "Entra ID sign-in error AADSTS50020"?

Most often a guest user who hasn't been invited, a multi-tenant app where the user's home tenant isn't allowed, or a federation misconfiguration.

How do I fix "Entra ID sign-in error AADSTS50020"?

1. Confirm the app's expected tenant. 2. Invite the user (or fix multi-tenant config). 3. Have the user redeem the invitation, then sign in again. Always test changes in a non-production environment first.

Browse more errors in Entra ID: Fix Microsoft Entra ID (Azure AD) errors. AADSTS error codes, admin consent, app role assignment, Conditional Access, and user lookup problems. Or paste your own error into the error decoder tool to find a match. You can also go back to the homepage to browse common errors by topic.