
“That Microsoft account doesn’t exist” for Microsoft logins on Auth0


I have an app that is secured via Auth0.com, on which I've enabled social login via Google and Microsoft. Everything works fine with the former and personal MS accounts work too.

But for some reason work/organisational MS logins are getting the below error.

[Screenshot of the error: "That Microsoft account doesn't exist"]

I have verified that the Azure app I set up to connect to Auth0 supports all types of MS account, not just personal ones, as the below shows:

[Screenshot of the Azure app registration's supported account types setting]

I've also set up redirect URLs, permissions etc. As I say, personal MS logins work fine.

Does anyone know what might be wrong?

I read somewhere that you need to connect your app to your Azure directory, or some such. But don't the settings above suggest everything is set up, particularly if some MS accounts can already login successfully?


Solution

  • Note that you cannot use Azure AD (organizational MS logins) on the Auth0 Free tier. This feature is only available through an Enterprise connection, which is part of Auth0's Enterprise subscription.

    • Since the Free tier only supports personal Microsoft accounts, you need to upgrade to the Enterprise plan to authenticate work/organizational MS accounts.
    • To support Microsoft work/organizational accounts, you will need an Enterprise plan.

    If you want users to log in with their Microsoft/work accounts for their organization, you have to Connect Your App to Microsoft Azure Active Directory:

    Create a multi-tenant application selecting "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)":

    [Screenshot of the "Supported account types" selection in the Azure app registration]

    To set up an Azure AD Enterprise Connection in Auth0:

    Go to the Auth0 Dashboard and navigate to Authentication -> Enterprise. Find Microsoft Azure AD and click the + button.

    • Fill in the necessary details to create the connection.
    • You can configure how user profiles are created and updated in Auth0.
    • Under the Login Experience section, customize how users will log in using this connection.
    • Provide consent for the connection.
    • To enable the new Azure AD connection, you must link it to your Auth0 applications.
    • Finally, test the connection to ensure it works as expected.

    To make this work you need to upgrade to an Enterprise subscription. Refer to this blog.

    Reference:

    Getting "That Microsoft account doesn't exist" for Microsoft logins? - Auth0 Community by rueben.tiow
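The diagnosis in the answer, as an added example that is not part of the original question or answer: the Azure app registration being multi-tenant is not enough on its own; Auth0 also needs an Azure AD (`waad`) enterprise connection enabled for the application, since the `windowslive` social connection only serves personal accounts. The records below are constructed and only mimic the `strategy`/`enabled_clients` fields of Auth0 connection objects and the `signInAudience` field of a Microsoft Graph application object.

```python
"""Offline check of why Microsoft work accounts fail while personal ones work."""

# Auth0 strategy names: "windowslive" is the Microsoft Account social
# connection (personal accounts only); "waad" is the Azure AD enterprise
# connection that work/organisational accounts need.
PERSONAL_STRATEGY = "windowslive"
WORK_STRATEGY = "waad"

# Microsoft Graph signInAudience values that admit users from other tenants.
MULTI_TENANT_AUDIENCES = {"AzureADMultipleOrgs", "AzureADandPersonalMicrosoftAccount"}


def work_login_problems(connections, app_registration, client_id):
    """Return the reasons work accounts cannot sign in (empty list = OK).

    connections: Auth0 connection objects with 'strategy' and 'enabled_clients'.
    app_registration: dict carrying the Azure app's 'signInAudience'.
    client_id: the Auth0 application that should expose the connection.
    """
    problems = []
    waad = [c for c in connections if c.get("strategy") == WORK_STRATEGY]
    if not waad:
        problems.append("no Azure AD (waad) enterprise connection; the windowslive "
                        "social connection only handles personal accounts")
    elif not any(client_id in c.get("enabled_clients", []) for c in waad):
        problems.append("Azure AD connection exists but is not enabled for this application")
    audience = app_registration.get("signInAudience")
    if audience not in MULTI_TENANT_AUDIENCES:
        problems.append(f"app registration signInAudience={audience!r} is single-tenant")
    return problems


# Constructed data reproducing the asker's situation: the app registration is
# already multi-tenant, but Auth0 only has the personal-account connection.
ASKER_CONNECTIONS = [
    {"name": "windowslive", "strategy": PERSONAL_STRATEGY, "enabled_clients": ["app123"]},
]
ASKER_APP_REG = {"signInAudience": "AzureADandPersonalMicrosoftAccount"}

# Constructed state after following the answer: a waad connection linked to the app.
FIXED_CONNECTIONS = ASKER_CONNECTIONS + [
    {"name": "contoso-azuread", "strategy": WORK_STRATEGY, "enabled_clients": ["app123"]},
]

if __name__ == "__main__":
    print(work_login_problems(ASKER_CONNECTIONS, ASKER_APP_REG, "app123"))
    print(work_login_problems(FIXED_CONNECTIONS, ASKER_APP_REG, "app123"))
```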