Overview
This article explains why the error below occurs when attempting to log in using an Azure Active Directory (Azure AD) connection:
AADSTS500011: The resource principal named <resource_principal_name> was not found in the tenant named <tenant_name>. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Applies To
- AADSTS500011 error
- Microsoft Azure AD
- Management API endpoint
Cause
The AADSTS500011 error is returned by Microsoft Azure AD. This error occurs because the resource principal, which refers to the application or service, cannot be found in the tenant.
Solution
To resolve this error, call the Get a connection endpoint of the Management API to retrieve and review the configuration of the Azure AD connection.
Inspect the upstream_params section of the connection's configuration, particularly the scope parameter. The structure for this parameter is as follows:
    "upstream_params": {
      "scope": {
        "value": ""
      }
    }
NOTE: Custom scopes defined in the upstream_params of the Auth0 connection are automatically sent to Azure AD during the authentication request. If Azure AD does not recognize these scopes, it may return an error message such as:
The resource principal named <custom_scope_name> was not found…
In this error, <custom_scope_name> typically refers to the custom scope configured in the Auth0 connection. To resolve this, ensure that all scopes sent are recognized and permitted by the Azure AD application, or remove any unnecessary custom scopes from the upstream_params.
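To make the review above repeatable, the following is an added example (not Auth0's own code) that reads a saved Get a connection response and flags every upstream scope whose resource principal is not on a list the operator knows exists in the tenant. The connection JSON and the api:// application ID in it are constructed placeholders, and the options.upstream_params nesting is assumed from the Management API response shape.

```python
import json
from typing import Dict, List, Optional, Set

# Constructed sample of a Get a connection (GET /api/v2/connections/{id})
# response, trimmed to the fields this check needs. The api:// scope is a
# placeholder standing in for a custom scope whose resource principal does
# not exist in the tenant, the situation behind AADSTS500011.
SAMPLE_CONNECTION: Dict = json.loads("""
{
  "name": "azure-ad-example",
  "strategy": "waad",
  "options": {
    "upstream_params": {
      "scope": {
        "value": "openid profile email https://graph.microsoft.com/User.Read api://example-app-id-placeholder/access_as_user"
      }
    }
  }
}
""")

# OIDC scopes that Azure AD accepts without a resource prefix.
BARE_OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def resource_of(scope: str) -> Optional[str]:
    """Return the resource principal part of an Azure AD scope.

    Azure AD scopes are written as <resource>/<permission>, for example
    https://graph.microsoft.com/User.Read or api://<app-id>/access_as_user.
    Bare OIDC scopes (openid, profile, ...) carry no resource.
    """
    if scope in BARE_OIDC_SCOPES:
        return None
    resource, sep, _permission = scope.rpartition("/")
    # A scope with no "/" is treated as naming the resource itself.
    return resource if sep else scope


def audit_upstream_scopes(connection: Dict, allowed_resources: Set[str]) -> List[str]:
    """Return upstream scopes whose resource is not in allowed_resources.

    allowed_resources is the operator's list of resource principals known to
    exist in the tenant (application ID URIs or well-known API base URIs).
    """
    value = (connection.get("options", {})
                       .get("upstream_params", {})
                       .get("scope", {})
                       .get("value", ""))
    flagged = []
    for scope in value.split():
        resource = resource_of(scope)
        if resource is not None and resource not in allowed_resources:
            flagged.append(scope)
    return flagged
```

Any scope returned by audit_upstream_scopes is a candidate for the <custom_scope_name> in the error and should either be registered in the Azure AD application or removed from upstream_params.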