AADSTS90072: User account

V M 0 Reputation points
2025-01-16T18:52:15.4733333+00:00

I get the below error when I try to log into Global Protect VPN.

Earlier I have used VPN for client XXXX. Now I have to log in to client ZZZZZ. But it's using the client xxxx email address to log into client ZZZZZ network. I have uninstalled the app multiple times, but no use. I can successfully connect on another laptop (connect to client ZZZZZ, and I never connected to client XXXX from this other laptop).

AADSTS90072: User account '******@xxxx.ca' from identity provider 'https://sts.windows.net/f4118c16-85fe-440e-8bf2-573cc8c6b420/' does not exist in tenant 'ZZZZZ' and cannot access the application 'https://gp-zzz.com:443/SAML20/SP'(Palo Alto Networks - GlobalProtect) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account

Microsoft Entra ID

2 answers

  1. Abiola Akinbade 23,060 Reputation points
    2025-01-17T09:20:44.5333333+00:00

    Hello V M,

    Thanks for your question.

    This is most likely due to cached creds on login with global protect.

    You will have to try any of the following:

    • Confirm first that the account still exists on the tenant and it is not a false error
    • Open your web browser and Clear browsing data, ensuring that cookies and cached images/files are selected.
    • If your device is connected to multiple accounts, you may need to disconnect unnecessary work/school accounts: Go to Accounts > Access work or school and select the account causing conflict and click Disconnect.
    • Try removing from credential manager. Press Win + R, type control keymgr.dll, and under Windows Credentials, locate any entries related to GlobalProtect or your VPN and remove them.

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola


  2. Sandeep G-MSFT 20,701 Reputation points Microsoft Employee
    2025-01-17T10:00:28.1566667+00:00

    @V M

    Thank you for posting this in Microsoft Q&A.

    As I understand you are unable to connect to ZZZZZ using XXXX credentials.

    In the above scenario, XXXX account is an external account for ZZZZZ client that you are using. The error indicates that the external account that the user signs in with doesn't exist on the tenant that they signed into.

    To fix this issue you will have to add user XXXX as a guest user in ZZZZZ tenant. And also assign XXXX guest user to ZZZZZ application in the tenant.

    You can follow below article to add XXX user to ZZZZ tenant as B2B user,

    https://learn.microsoft.com/en-us/entra/external-id/add-users-administrator

    https://learn.microsoft.com/en-us/entra/external-id/b2b-quickstart-add-guest-users-portal

    Let us know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
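
The two answers describe different causes of the same error text. As an added example (not code from either answer or from Microsoft), this Python sketch parses the AADSTS90072 message quoted in the question and tells the two cases apart. The function names and the `INTENDED` domain are assumptions made for illustration.

```python
import re

# Field layout of the AADSTS90072 text as quoted in the question.
AADSTS90072 = re.compile(
    r"AADSTS90072: User account '(?P<account>[^']+)' "
    r"from identity provider '(?P<idp>[^']+)' "
    r"does not exist in tenant '(?P<tenant>[^']+)' "
    r"and cannot access the application '(?P<app>[^']+)'"
    r"\s*(?:\((?P<app_name>[^)]*)\))?"
)
# Issuer form seen in the error: https://sts.windows.net/<tenant-guid>/
ISSUER = re.compile(r"^https://sts\.windows\.net/(?P<tid>[0-9a-fA-F-]{36})/?$")


def parse_error(message):
    """Return the fields of an AADSTS90072 message, or None for other text."""
    m = AADSTS90072.search(message)
    if m is None:
        return None
    fields = m.groupdict()
    issuer = ISSUER.match(fields["idp"])
    # Home tenant ID of the account that was actually presented at sign-in.
    fields["home_tenant_id"] = issuer.group("tid").lower() if issuer else None
    fields["account_domain"] = fields["account"].rpartition("@")[2].lower()
    return fields


def triage(message, intended_domain):
    """Classify as 'stale-session' (answer 1) or 'guest-missing' (answer 2)."""
    fields = parse_error(message)
    if fields is None:
        return "not-aadsts90072"
    if fields["account_domain"] != intended_domain.lower():
        # Another account than the intended one was sent: clear cached sign-ins.
        return "stale-session"
    # Intended account was sent: the resource tenant must add and assign it.
    return "guest-missing"


# Error text from the question (account already masked by the poster).
SAMPLE = (
    "AADSTS90072: User account '******@xxxx.ca' from identity provider "
    "'https://sts.windows.net/f4118c16-85fe-440e-8bf2-573cc8c6b420/' does not "
    "exist in tenant 'ZZZZZ' and cannot access the application "
    "'https://gp-zzz.com:443/SAML20/SP'(Palo Alto Networks - GlobalProtect) in that tenant."
)
# Hypothetical placeholder: domain of the account the user meant to sign in with.
INTENDED = "zzzzz.example"
```

Calling `triage(SAMPLE, INTENDED)` returns `stale-session`, which matches the question: the device presented the client XXXX account while the user meant to sign in to client ZZZZZ.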

