Search Engine: Elastic

Article ID: 131960, created on Dec 23, 2017, last review on Jan 2, 2018

  • Applies to:
  • Operations Automation

Symptoms

Office 365. Sales Order fails:

"error":"invalid_request","error_description":
"AADSTS50178: User account 'user@resellerDomainCSP.onmicrosoft.com' from identity provider 'https://sts.windows.net/a3831efe-...-8128a3717143/' does not exist in tenant 'End-customer organization' and cannot access the application 'cde22860-...-08622a196d0c' in that tenant. 
The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.'

The same error can be faced on attempt to use the readCSPAccounts.py script.

Cause

There might be several reasons:

  1. Azure AD Native Applications are not configured correctly;
  2. Permission issue on the Microsoft side.

Resolution

Steps to resolve the case:

  1. Check instructions from the Registering Native Apps for Partner Center and Graph APIs are done completely and both Native Applications are configured correctly;
  2. In case step 1 is done, please contact Microsoft support with complete error message provided.

caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 5356b422f65bdad1c3e9edca5d74a1ae

Email subscription for changes to this article
Save as PDF