I've been connecting to Azure through the Portal for a month or two. Today I went to connect and kept getting the following error:
"User account you used to sign in is not supported for this application. Please use a different account to sign in."
I searched for this error and every post I found was related to accessing Azure through Visual Studio and a problem with Update 4. I'm not using Visual Studio, just trying to connect through the browser.
One of our other developers can successfully login using the same userid/password. I tried a few things...rebooting and logging in immediately before opening any other apps...tried login from a virtual but same problem occurred every time.
The other developer mentioned it could have something to do with Office 365. I think this is the first time that I have tried to login since we installed Office 365 last week. I use a different userid for Office 365. So I tried my Office 365 userid and it successfully logged in to Azure. I then tried entering a dummy yahoo email as the userid as a test. This resulted in me being taken to the "Login Live" webpage. The login failed as expected (unknown userid). But I then tried my Azure userid on this page and it was successful logging in to Azure.
Can anyone suggest why I can't login through the Portal? Is there some sort of a conflict between the Office 365 user and the Azure login?
Anthony.
Your scenario will arise if your previous account uses the same domain as is now hosted on Office 365. The Azure Portal login page will do "home realm discovery" based on your email "bob@example.com" and if it finds an Azure AD instance (used for Office 365 auth) then you will be directed to the Azure AD login page. If that email doesn't exist in Azure AD then the login will fail.
You should be able to use your Office 365 login to gain access, though the username will need to be added as an Azure co-admin.
If you want to use your old account what you'll need to do in the Azure Portal login page is type "somethingrandom@hotmail.com" which will force you to the Microsoft Account login page. On that page put your old email address and password and you should be able to login.
I wrote a blog about this situation which may explain it better than the above.
Have you tried clearing all the saved cookies on your computer first, then trying again?
I want to access the Outlook API with a Python application. I followed this guide but quickly ran into authentication issues. Tried it with my existing private Microsoft account and with a newly created account, but ran into authentication issues quickly. Whenever I try to do anything in the portal, I get this message:
Already checked in with the general Microsoft support. They directed me towards Azure support, but I can't reach anybody there.
I tried to reproduce the same in my environment and got the same error as below:
The error usually occurs if the Microsoft personal account is not added as an external/guest user to an Azure AD tenant.
To resolve the error, contact the Global admin to invite the account as a guest user like below:
Once the admin invites, you will get an email notification to accept the invitation like below:
After accepting the invite, the Personal Microsoft account will be added to the tenant successfully like below:
And now you will be able to access the Azure Portal without any issue and you can also create your own tenant to have admin access.
If the issue still persists, try the following:
Sign out from the active session and sign in using an incognito window or a different browser.
Clear the browser cache and cookies and try again.
Confirm whether the admin has set any External user settings that are restricting the access:
Reference:
Error AADSTS50020 - User account from identity provider does not exist in tenant - Active Directory
When looking into the Build Python apps with Microsoft Graph tutorial that you followed, one of the pre-requisites mentioned signing up for the Microsoft 365 Developer Program to get a free Microsoft 365 subscription. After you sign-up, you'll need to use the Microsoft 365 developer sandbox credentials in order to continue following the tutorial without having to leverage your own Azure AD tenant or subscription (pay-as-you-go).
Build Python apps with Microsoft Graph:
Join the Microsoft 365 Developer Program
Deploy the Developer Sandbox
Using the Microsoft 365 Developer subscription(s) info you'll be able to login to the Azure Portal or Azure Active Directory admin center.
Note: You can navigate to your developer tenant using - https://aad.portal.azure.com/<<SandboxTenantName>>.onmicrosoft.com, or when prompted to sign in use your sandboxes' admin account.
If you only signed up for a new personal Microsoft account (Outlook), you'll notice that once you sign into the Azure AD Admin Center, your Outlook.com user isn't associated with any Azure tenants, and you'll run into the authentication issue error message that you referenced, so you'll have to create your own Azure AD tenant by signing up for an Azure Free Trial or Pay-as-you-go.
I hope this helps!
I am trying to set up a new Web Application in Visual Studio using Microsoft authentication.
I have created a new Tenant in portal.azure.com. My issue is, every page I visit in the Azure Portal, including my profile, I receive a 403 error.
The only function I am able to perform is creating a new App Registration.
When I try to authenticate in the Web Application, I receive the error "Selected user account does not exist in tenant".
I am confused about how to add the account that created the Tenant to it without the required permissions.
Does anybody know how I can go about resolving this issue?
TIA.
The error means that the email address you are logged in with is not yet added to your new tenant. Please make sure that the work email address is added to that tenant, if it is not the admin.
If you have added the account to the tenant or you are the admin yourself, please refresh and try again.
Sign out and clear all cookies.
Try using a Microsoft Edge "InPrivate"/Incognito browser and check if you are signing into the correct tenant, then switch the tenant and try to access the app.
If you have the same account matching your personal account, try to change it and add it as a Microsoft account.
Try to log in with the common endpoint https://login.microsoftonline.com/common, if it is a personal account and the app is multitenant.
If the above doesn't solve the issue, see this document, which lists several causes, to find yours.
References:
azure active directory - Selected user account does not exist in tenant 'UserVoice, Inc.' - Stack Overflow
azure - Microsoft Graph Identity Java - Selected user account does not exist in tenant 'Microsoft Services' - Stack Overflow
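The tenant-membership and endpoint advice in the answers above can be checked mechanically. The following is an added example, not code from any of the posts: a simplified model (not Azure AD's own logic) that takes an app registration's `signInAudience`, the authority URL without a path suffix, and the account, and lists why a sign-in would be rejected. The function names, reason strings and tenant ID are constructed for illustration.

```python
LOGIN = "https://login.microsoftonline.com"
SHARED = ("common", "organizations", "consumers")

# App registration signInAudience -> authority that admits exactly that audience.
AUTHORITY_FOR = {
    "AzureADMyOrg": LOGIN + "/{tenant}",
    "AzureADMultipleOrgs": LOGIN + "/organizations",
    "AzureADandPersonalMicrosoftAccount": LOGIN + "/common",
    "PersonalMicrosoftAccount": LOGIN + "/consumers",
}

def suggested_authority(audience, app_tenant):
    """Authority URL that matches the app's configured audience."""
    return AUTHORITY_FOR[audience].format(tenant=app_tenant)

def diagnose(audience, app_tenant, authority, kind, in_tenants):
    """List reasons this simplified model expects the sign-in to be rejected.

    kind: "personal" or "work". in_tenants: tenants (same ID form as in the
    authority URL) where the account is a member or an accepted guest.
    """
    seg = authority.rstrip("/").rsplit("/", 1)[-1].lower()
    tenants = {t.lower() for t in in_tenants}
    shared = seg in SHARED
    reasons = []
    if audience == "AzureADMyOrg" and seg != app_tenant.lower():
        reasons.append("single-tenant-app-needs-own-tenant-endpoint")
    if not shared and seg not in tenants:
        # The "does not exist in tenant" case (AADSTS50020): invite as guest.
        reasons.append("account-not-in-tenant")
    if seg == "organizations" and kind == "personal":
        reasons.append("endpoint-excludes-personal")
    if seg == "consumers" and kind == "work":
        reasons.append("endpoint-excludes-work")
    if audience == "AzureADMultipleOrgs" and kind == "personal" and shared:
        reasons.append("app-excludes-personal")
    if audience == "PersonalMicrosoftAccount" and kind == "work":
        reasons.append("app-excludes-work")
    return reasons

# Constructed tenant ID; a personal account that has not been invited yet.
TENANT = "11111111-1111-1111-1111-111111111111"
if __name__ == "__main__":
    print(diagnose("AzureADMyOrg", TENANT, f"{LOGIN}/{TENANT}", "personal", []))
    print(suggested_authority("AzureADandPersonalMicrosoftAccount", TENANT))
```

An empty list means only that none of these modelled causes applies; stale browser sessions and external-user restrictions mentioned in the answers are outside the model.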
Related to the Outlook add-in for Acumatica... When our users try to authenticate with their Azure login, we see the following error.
https://www.dropbox.com/s/le7t3ez5ua69qls/Screenshot%202020-04-23%2019.18.52.png?dl=0
NOTE:
We have 2 factor authentication on for our users through Office 365, but I don't think that is the issue as I disabled it and also tried using an app password which would bypass the 2 factor.
We have customized the Outlook plugin and it works just fine when we use a regular login (direct username and pwd into Acumatica as opposed to using single sign on).
We are running Acumatica 2020 R1, and have this working. I am not sure if it will work in 2019R1, but you can give it a try.
Our environment is synced with Local AD through Azure AD Connect. We have seamless SSO enabled with Passthrough Authentication, and the group policy trust enabled for the workstations. This allows the users to sign into office 365 from their domain controlled computers.
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
When we enable automatic signon through AzureAD in the web.config, it works like a charm. We had issues in previous versions of Acumatica with our ADFS deployment. To enable automatic SSO in Acumatica you can modify your web.config:
<externalAuth authUrl="Frames/AuthDock.ashx" silentLogin="Federation" externalLogout="True" selfAssociate="True" instanceKey="" claimsAuth="False">
I would give this a try on off hours to see if it works with Outlook, and maybe change your production instance to sign in this way. You can always get to the login page by visiting https://acumaticainstance/Frames/Login.aspx?SilentLogin=None
Maybe setting auto signin will fix Outlook and be easier for those users, and be more beneficial than the non-Azure users?
I am trying to connect OneLogin to Office 365 in order to control the users of Azure from OneLogin. The idea is that OneLogin would be the source of truth and would sync with Azure AD. I did the steps on the tutorial to connect to Office 365 described here
But I still get the errors
When trying to federate
AADSTS50107: Requested federation realm object 'https://app.onelogin.com/saml/metadata/#REDACTEDNUMBER#' does not exist.
If I go to this link I can download the file with success.
And I got this error when trying to sync users.
#NAME REDACTED# could not be provisioned in Office 365 Azure: Error for create or update a user #NAME REDACTED# an error occurred while processing this request.{"odata.error":{"code":"request badrequest","message":{"lang":"en","value":"property userprincipalname is invalid."},"date":"2018-01-03t16:39:08","requestid":"#GUID REDACTED#","values":[{"item":"propertyname","value":"userprincipalname"},{"item":"propertyerrorcode","value":"invalidvalue"}]}}
Does anyone know how to solve that, or had a similar problem?
I need the token in order to use office api discovery service (https://api.office.com/discovery/) to find SharePoint root url.
Is it possible to get access to Azure AD token from add-ins (Outlook/Office)?
Edit (to make things more clear):
As I'm building a multi-tenant Azure hosted app that should be launched via add-ins, I will have to force users to log in in a popup and give consent for the application. Login is mandatory since in Office add-ins we cannot find out who the logged in user is.
You can follow the documentation here on how to retrieve an authorization token - https://graph.microsoft.io/en-us/docs/platform/rest from Azure AD for the use of finding the root URL - also you can use the Microsoft Graph, which is the newer version of the Discovery service (more details about it again at the link provided).