Microsoft Entra sign-in failed because the user account does not exist in the directory
The user account {email} does not exist in the {tenant} directory. To sign into this application, the account must be added to the directory.
Microsoft Entra ID could not find the user account in the target tenant directory. The sign-in attempt referenced a username or UPN that has no matching object in the tenant, either because the account does not exist there, the wrong tenant is being targeted, or the account has been deleted or disabled.
The user account {email} does not exist in the {tenant} directory. To sign into this application, the account must be added to the directory.
Why it happens
The user is attempting to sign in to an application registered in a different tenant than the one their account belongs to, and the application only accepts accounts from that specific tenant.
The UPN or email address entered during sign-in contains a typo, uses an alias, or references an old domain that has since changed.
The user account has been deleted from the tenant directory and the deletion has not been reversed.
In an automated flow or service integration (e.g., Azure AD Connect, MigrationWiz), the Tenant ID configured in the tool does not match the tenant the credential account belongs to.
The account is a Microsoft Account (MSA / personal account) but the application is configured to accept only work or school accounts from a specific tenant.
The account is a B2B guest that has not yet been invited to or redeemed an invitation for the resource tenant.
How to fix it
Confirm the user account exists in the target tenant: in the Microsoft Entra admin center, navigate to Users > All users and search for the account by email or UPN. If it does not appear, the account needs to be created or invited.
Check for UPN typos or domain mismatches: ensure the sign-in uses the user's primary UPN and not an alias or an old domain name. Verify by checking the user's profile in the Entra admin center.
If the user belongs to a different organisation: invite them as a B2B guest via Microsoft Entra admin center > External Identities > All identities > New guest user. Once they redeem the invitation, they will be able to sign in.
If the account was recently deleted: navigate to Users > Deleted users and restore it if it is within the 30-day soft-delete window.
For automated integrations or service accounts: verify that the Tenant ID used in the configuration matches the tenant the credential account belongs to. Mismatched tenant IDs are a common cause in migration and sync tools.
If the application is configured as single-tenant and the user is in a different tenant: update the application's supported account types in the app registration (Azure portal > App registrations > select the app > Authentication > Supported account types) to allow multi-tenant sign-in, or create the user in the correct tenant.
