I am working on an app that manages Azure resources for customers (provisioning VMs, creating VNets).
We have created a multi-tenant application in the Azure portal that is configured for delegated permissions to the Windows Azure Service Management API and Windows Azure Active Directory.
We are able to log in with an AAD-based account without a problem. But when a live.com-based account logs in, the user gets an AADSTS50020 error.
For the login, we navigate to https://login.microsoftonline.com/common/OAuth2/Authorize with the following parameters:
client_id=XXX&response_mode=query&response_type=code&redirect_uri=XXX&prompt=consent
Here is the full error message:
AADSTS50020: User account '[email protected]' from identity provider 'live.com' does not exist in tenant 'XXX' and cannot access the application 'xxx' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
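Added example in Python (not code from the question or from any Microsoft library): it builds the authorize request shown above with an extra `state` value, which the question's parameter list omits, and parses the redirect back to the app so an AADSTS failure like the one quoted is recognised and logged by code instead of being shown raw. The callback URL and its contents are constructed for the example; the client id and tenant keep the question's `XXX` placeholders.

```python
import re
import secrets
from urllib.parse import urlencode, parse_qs, urlparse, quote

AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/OAuth2/Authorize"
AADSTS_RE = re.compile(r"AADSTS(\d+)")


def build_authorize_url(client_id, redirect_uri, state=None):
    """Build the authorization-code request from the question, plus a
    `state` value (not in the question's list) that ties the callback
    to the request that started it (anti-CSRF for the code flow)."""
    state = state or secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "response_mode": "query",
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "prompt": "consent",
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}", state


def parse_callback(callback_url, expected_state):
    """Classify the redirect back to redirect_uri.
    Returns ("code", auth_code) or ("error", details); raises if the
    returned state does not match the one we issued."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discard this callback")
    if "error" in qs:
        desc = qs.get("error_description", [""])[0]
        m = AADSTS_RE.search(desc)
        return "error", {
            "error": qs["error"][0],
            "aadsts": int(m.group(1)) if m else None,  # e.g. 50020
            "description": desc,
        }
    return "code", qs["code"][0]


# Constructed sample: a callback carrying the AADSTS50020 message from the
# question (redirect URI, state and error type are made up for the example).
SAMPLE_ERROR_CALLBACK = (
    "https://app.example/callback?error=invalid_request&state=abc123"
    "&error_description=" + quote(
        "AADSTS50020: User account 'someone@live.com' from identity provider "
        "'live.com' does not exist in tenant 'XXX' and cannot access the "
        "application 'xxx' in that tenant."
    )
)
```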