Azure Active Directory Multi-tenant: User doesn't exist in tenant

I'm new to AAD and I'm trying to allow sign-ins for users in tenants outside of my current one (the tenant that I set up AAD with). I have two Outlook accounts that I'm testing with. And when I sign in with the other Outlook account, I get the error:

"AADSTS50020: User account 'user@outlook.com' from identity provider 'live.com' does not exist in tenant 'Default Directory' and cannot access the application '' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account."

I don't want to invite any users to my tenant, since if there are more users, they'll also have to be invited. I set up the configuration to be multi-tenant (orgs & personal accounts), and my API hits the /common endpoint.

Is there something that I'm missing? Or am I misunderstanding how multi-tenant works? Thanks!

"AADSTS50020: User account 'user@outlook.com' from identity provider 'live.com' does not exist in tenant 'Default Directory' and cannot access the application '' in that tenant"

This error occurs whenever a guest user tries to access a resource or application within the resource tenancy; the sign-in process fails and displays an error.

To resolve this issue, go to Azure portal -> App registrations -> your App -> Manifest -> check signInAudience -> AzureADandPersonalMicrosoftAccount like below.

  • If the signInAudience property is missing in your manifest, try to recreate the app registration by choosing the appropriate account type.
  • If the users sign in to your tenant with their personal account, they need to be added as guest users even if you select the multi-tenant account type.

If there are more users, you can make use of the bulk invite option by modifying the UserInviteTemplate.csv file like below.

  1. Go to Azure Active Directory -> users -> bulk operation -> Download the CSV template.
  2. In the template, add the list of users' email addresses to invite as below.
  3. Upload the UserInviteTemplate.csv file in bulk invite user.
  4. To check whether the guest users are added or not, you can filter user type == guest as below.

Reference: Error AADSTS50020 - User account from identity provider does not exist in tenant - Active Directory | Microsoft Docs
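
An added example (not from the original thread or from Microsoft's tooling): a Python check of the two settings discussed above, the manifest's signInAudience and the authority endpoint the client actually calls, listing which one turns away an outside account that has not been invited as a guest. The function name, the sample manifests and the contoso tenant are hypothetical, and the model covers only uninvited external accounts.

```python
import json
from urllib.parse import urlparse

# External (outside-tenant) account types admitted by each signInAudience value.
AUDIENCE_ADMITS = {
    "AzureADMyOrg": set(),  # accounts in the app's own tenant only
    "AzureADMultipleOrgs": {"work"},
    "AzureADandPersonalMicrosoftAccount": {"work", "personal"},
    "PersonalMicrosoftAccount": {"personal"},
}
# External account types admitted by each shared authority alias.
ALIAS_ADMITS = {
    "common": {"work", "personal"},
    "organizations": {"work"},
    "consumers": {"personal"},
}

def blockers(manifest_json, authority_url, account_type):
    """List the settings that stop an uninvited outside account signing in.
    account_type is "work" (another organization's tenant) or "personal";
    an empty list means neither setting requires a guest invitation."""
    found = []
    audience = json.loads(manifest_json).get("signInAudience")
    if audience not in AUDIENCE_ADMITS:
        found.append(f"signInAudience is {audience!r}: missing or unrecognized")
    elif account_type not in AUDIENCE_ADMITS[audience]:
        found.append(f"signInAudience {audience} does not admit {account_type} accounts")
    # The first path segment of the authority selects the directory.
    parts = [p for p in urlparse(authority_url).path.split("/") if p]
    segment = parts[0].lower() if parts else ""
    if not segment:
        found.append("authority URL has no tenant segment")
    elif segment not in ALIAS_ADMITS:
        # A tenant ID or domain pins sign-in to that one directory.
        found.append(f"authority '{segment}' is tenant-specific: account must exist there")
    elif account_type not in ALIAS_ADMITS[segment]:
        found.append(f"/{segment} does not admit {account_type} accounts")
    return found

# Constructed sample data, not taken from the thread.
SINGLE_TENANT = '{"signInAudience": "AzureADMyOrg"}'
MULTI_PERSONAL = '{"signInAudience": "AzureADandPersonalMicrosoftAccount"}'
PINNED = "https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/v2.0/authorize"
COMMON = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"

if __name__ == "__main__":
    for manifest, url in [(SINGLE_TENANT, PINNED), (MULTI_PERSONAL, PINNED), (MULTI_PERSONAL, COMMON)]:
        print(blockers(manifest, url, "personal") or "no blocker")
```

Feed it the manifest exported from the portal and the authority string taken from the client's configuration or a captured sign-in request, since the configured and the actually requested endpoint can differ.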
