I have a multitenant app in my Azure Active Directory. I'm using it to log in users on my website.
When redirecting the user, we were using no 'prompt' parameter. We don't like this because if the user is already logged in to Azure and then clicks the link, he is redirected to Azure and then automatically redirected to my site without accepting anything.
So now we want the user to accept the permissions, so we are adding the 'prompt=consent' parameter when redirecting the user.
The problem is that now every Live account that tries to log in receives an Azure error page with this error message:
AADSTS50020: User account '[email protected]' from identity provider 'live.com' does not exist in tenant 'XXX' and cannot access the application 'xxx' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
More details about the error and my current configuration:
- I'm using the common endpoints to call the API (/common/oauth2/authorize and /common/oauth2/token)
- I've also tried to log in with a Live account that was in my tenant. It's also failing.
- Also, when I try to log in with an Azure account (whether it is in my tenant or a different tenant) it works fine (redirecting the user to my website with the code parameter).
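The redirect flow described above, as an added example (not code from the question or from Microsoft): it builds the /common/oauth2/authorize request with an optional prompt parameter and a per-request state value, then classifies what comes back on the callback, rejecting any response whose state does not match. The client id and callback URL are placeholders; errors that Azure shows on its own page (as with the AADSTS50020 case in the question) never reach the callback, so only errors returned via redirect are parsed here.

```python
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# v1 common endpoint named in the question
AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/authorize"


def build_authorize_url(client_id, redirect_uri, prompt=None, state=None):
    """Build the authorize request; returns (url, state).

    state is a random per-request value that the callback must echo back,
    so the app can tie a response to the request it actually issued.
    """
    state = state or secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,          # placeholder value in the test
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,
    }
    if prompt:
        params["prompt"] = prompt        # e.g. "consent" forces the consent page
    return AUTHORIZE_URL + "?" + urlencode(params), state


def parse_callback(callback_url, expected_state):
    """Classify Azure's redirect back to redirect_uri.

    Raises ValueError on a state mismatch; otherwise returns a dict with
    either the authorization code or the OAuth2 error fields, with the
    AADSTS code pulled out of error_description when present.
    """
    query = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    if query.get("state") != expected_state:
        raise ValueError("state mismatch: response does not belong to this request")
    if "error" in query:
        description = query.get("error_description", "")
        match = re.match(r"(AADSTS\d+)", description)
        return {
            "ok": False,
            "error": query["error"],
            "aadsts": match.group(1) if match else None,
            "description": description,
        }
    return {"ok": True, "code": query.get("code")}
```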