User account does not exist in tenant 'Default Directory'

I am trying to build a web application with Next.js and NextAuth, so I created an app registration on my personal MS account. I am using the AzureADProvider, but I get the following error message on https://login.microsoftonline.com/<My project GUID>/login after I entered the credentials of my school email.

AADSTS50020: User account '<My school's email>' from identity provider 'https://sts.windows.net/<School GUID I guess>/' does not exist in tenant 'Default Directory' and cannot access the application '<My app registration>'(<Project name>) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

The goal is to be able to log in with my account, as well as all other students' accounts at our school, so there does not need to be a separate registration, only students can log in, and the teachers can identify the students by their mail (because most of them would register with crappy mails and usernames :/ ).

aronmal asked Sep 15 '25 09:09


1 Answer

I tried to reproduce the same in my environment and got the same error.

The error usually occurs if the Azure AD Application is registered as Single-Tenant, but personal accounts or users from other tenants are trying to log in.

To resolve the error, try the below:

I created an Azure AD Application as "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)".

As a sample, I used the authorize endpoint below to authenticate users:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=ClientID
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345

The user signed in successfully.

Also make sure to use the common endpoint to authorize the users.

  • If you want only Azure Active Directory users to log in, register the Application as "Accounts in any organizational directory (Any Azure AD directory - Multitenant)" and make use of the organizations endpoint.

If the issue still persists, refer to the MS doc below:

Error AADSTS50020 - User account from identity provider does not exist in tenant - Active Directory

Rukmini answered Sep 16 '25 23:09
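Added example, not part of the question or the answer: once the registration is multitenant and the organizations endpoint is used, any work or school account in the world can sign in, so the "only students" goal from the question needs a check in NextAuth's signIn callback. The code below assumes NextAuth v4's AzureADProvider options (clientId, clientSecret, tenantId) and that the `profile` handed to callbacks.signIn is the decoded id_token, whose `tid` claim is the issuing tenant; the school's tenant GUID is the one that appears in the `https://sts.windows.net/<GUID>/` issuer of the AADSTS50020 message. The GUID and domain values are placeholders.

```javascript
// Placeholder values: replace with the school's real tenant id and mail domain.
const ALLOWED_TENANT_IDS = new Set([
  "00000000-0000-0000-0000-000000000000", // placeholder school tenant (tid) GUID
]);
const ALLOWED_EMAIL_DOMAIN = "example.edu"; // placeholder school mail domain

// Spread into AzureADProvider({ ...azureAdProviderOptions }) in
// pages/api/auth/[...nextauth].js. tenantId "organizations" selects the
// organizations endpoint (work/school accounts only); "common" would also
// admit personal Microsoft accounts, which the question does not want.
const azureAdProviderOptions = {
  clientId: process.env.AZURE_AD_CLIENT_ID,
  clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
  tenantId: "organizations",
};

// Returns true only for accounts issued by an allowed tenant AND carrying a
// UPN/email in the school's domain. Checking tid is the important part: the
// mail domain alone can be claimed by any tenant's admin.
function isAllowedAccount(profile) {
  if (!profile || typeof profile.tid !== "string") return false;
  if (!ALLOWED_TENANT_IDS.has(profile.tid.toLowerCase())) return false;
  const upn = String(profile.preferred_username || profile.email || "").toLowerCase();
  const at = upn.lastIndexOf("@");
  if (at < 0) return false;
  return upn.slice(at + 1) === ALLOWED_EMAIL_DOMAIN;
}

// Pass as NextAuth({ providers: [...], callbacks }). Returning false makes
// NextAuth refuse the sign-in instead of creating a session.
const callbacks = {
  async signIn({ profile }) {
    return isAllowedAccount(profile);
  },
};
```

Teachers can then rely on `preferred_username` (the school UPN) from the verified token rather than on a self-chosen email.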