The error indicates that the Gmail-based account is not recognized as a guest or member in the Microsoft Entra tenant that hosts the Agents League Hackathon application. This is a standard AADSTS50020 scenario where the user account from the identity provider does not exist in the resource tenant.
Actionable steps for resolution:
- Confirm the correct sign-in account
  - Ensure the same Gmail address that received the hackathon registration confirmation is used at the Microsoft sign-in prompt.
  - If there are multiple Microsoft accounts or sessions in the browser, an existing session might be using a different account than intended.
- Clear conflicting sessions
  - Sign out of all Microsoft accounts in the browser.
  - Open a new InPrivate/Incognito window or a different browser.
  - Try accessing the hackathon portal again and explicitly choose the Gmail account used for registration.
- Verify that the correct endpoint is used (for app owners/support team)
  - If the hackathon portal is configured as a multitenant or “multitenant and personal accounts” app, its Authority/sign-in URL should be one of:
    - https://login.microsoftonline.com/organizations for multitenant organizational accounts
    - https://login.microsoftonline.com/common for multitenant + personal accounts
    - https://login.microsoftonline.com/consumers for personal accounts only
  - If the app instead uses a tenant-specific URL such as https://login.microsoftonline.com/<TenantIDOrName>, then external users (like a Gmail-based Microsoft account) must be added as guests in that tenant before they can sign in.
- Ensure the account type is supported (for app owners/support team)
  - If the app registration is single-tenant, external users cannot sign in and will see AADSTS50020.
  - In that case, the app registration must be recreated with a supported signInAudience value such as:
    - AzureADandPersonalMicrosoftAccount
    - AzureADMultipleOrgs
    - PersonalMicrosoftAccount
- Confirm the user is invited/assigned if required (for hackathon support/admins)
  - If the hackathon portal is backed by an enterprise application that requires user assignment, ensure the Gmail-based account is:
    - Invited as a guest user to the tenant, and
    - Explicitly assigned to the enterprise application (or added to a group that is assigned to the app).
- Contact the hackathon/tenant administrator
  - If the above user-side steps (sign-out, private browser, correct account) do not resolve the issue, the hackathon support or tenant administrator must:
    - Check sign-in logs for AADSTS50020 entries for the Gmail address.
    - Confirm whether the Gmail account exists as a guest in the tenant.
    - Invite the Gmail account as a guest if it does not exist, and/or assign it to the application if user assignment is required.
These steps ensure that the Gmail-based Microsoft account is correctly recognized in the Microsoft tenant hosting the Agents League Hackathon portal and that the application is configured to accept that account type.
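The administrator-side checks above can be combined into one triage pass. The following is an added example, not part of the original answer or any Microsoft tooling: the function names are hypothetical, the records are constructed samples assumed to be exported sign-in entries carrying the Microsoft Graph signIn fields userPrincipalName and status.errorCode, and guest_exists is the result of the admin's own guest lookup.

```python
from urllib.parse import urlparse

# Shared authority path segments listed in the answer and who each one admits.
SHARED = {
    "organizations": "organizational accounts from any tenant",
    "common": "organizational and personal accounts",
    "consumers": "personal accounts only",
}

def classify_authority(url):
    """Return ('shared' or 'tenant-specific', first path segment) for an authority URL."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.hostname != "login.microsoftonline.com":
        raise ValueError(f"not a login.microsoftonline.com authority: {url!r}")
    segments = [s for s in parsed.path.split("/") if s]
    if not segments:
        raise ValueError("authority URL has no tenant segment")
    first = segments[0].lower()
    return ("shared" if first in SHARED else "tenant-specific", first)

def find_50020(signins, address):
    """Select AADSTS50020 failures for one sign-in address (case-insensitive match)."""
    wanted = address.strip().lower()
    return [r for r in signins
            if (r.get("userPrincipalName") or "").lower() == wanted
            and (r.get("status") or {}).get("errorCode") == 50020]

def next_step(authority_url, signins, address, guest_exists):
    """Map the evidence to the admin action described in the steps above."""
    if not find_50020(signins, address):
        return "no AADSTS50020 entries for this address: recheck which account signed in"
    kind, _ = classify_authority(authority_url)
    if guest_exists:
        return "guest exists: assign the account to the application if assignment is required"
    if kind == "tenant-specific":
        return "invite the account as a guest in the tenant"
    return "shared endpoint: confirm signInAudience is not single-tenant"

# Constructed sample records, not real log data.
SAMPLE = [
    {"createdDateTime": "2025-01-01T10:00:00Z", "userPrincipalName": "Participant@gmail.com",
     "appDisplayName": "Example Portal", "status": {"errorCode": 50020}},
    {"createdDateTime": "2025-01-01T10:05:00Z", "userPrincipalName": "participant@gmail.com",
     "appDisplayName": "Example Portal", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-01-01T10:06:00Z", "userPrincipalName": "other@example.com",
     "appDisplayName": "Example Portal", "status": {"errorCode": 50020}},
]

if __name__ == "__main__":
    print(next_step("https://login.microsoftonline.com/contoso.onmicrosoft.com",
                    SAMPLE, "participant@gmail.com", guest_exists=False))
```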