14

After running azcopy login and signing in with my Azure account, I see the following response on the sign in page:

“User account from identity provider does not exist in tenant ‘Microsoft’ and cannot access the application in that tenant. This account needs to be added as an external user in the tenant first. Sign out and sign back in again with a different Azure Active Directory user account.”

Am I missing something like an App Registration?

2 Answers2

24

You are probably facing this issue because you are not specifying your Azure AD tenant-id while trying to login with azcopy.exe

So instead of 

azcopy.exe -login

You should do

azcopy.exe -login --tenant-id=yourtenantid
  • When you don't specify any tenant-id it tries to login to "Microsoft.com" tenant, where obviously your specific Azure AD user like kyle@myaad.onmicrosoft.com doesn't exist and hence the error.

  • If you don't know your Azure AD Tenant Id already, one of the many ways to find it is by going to Azure Portal > Azure Active Directory > Your specific Azure AD > Properties (The Guid in Directory ID field is your Azure AD Tenant ID)

    enter image description here

  • On a side note, I was able to reproduce your issue doing exactly just the login without my tenant mentioned and then able to successfully login by specifying the tenantid appropriately.

    Issue using only azcopy.exe login enter image description here

    Successful login using azcopy.exe login --tenant-id=fa89xxxxxxxx enter image description here

Rohit Saigal
  • 9,317
  • 2
  • 20
  • 32
  • 2
    The syntax for this command has changed slightly to: AzCopy login /tenant:tenant-id-goes-here – daveywc Dec 14 '18 at 04:41
  • @daveywc thanks for that information. I'll check and update the answer as well a little later.. for anyone referring to it in future. – Rohit Saigal Dec 14 '18 at 04:45
  • On OS X, the syntax in the answer worked for me (and it is what the info message recommends as of Jun 2020). i..e, `azcopy login --tenant-id=`. Also be aware that nothing seems to change on the command line but when you open the browser you no longer get the error message. – John Jun 14 '20 at 18:14
  • Using existing tenant id simply worked. Thanks for the help. – Sagar Khatri Jul 17 '20 at 11:29
  • To add, if you're getting 403 while uploading after login, simply generarte SAS and append that to the destination URL to upload files. – Sagar Khatri Jul 17 '20 at 11:59
-1

You need to sign in with an MSA account that is already part of an Azure Tenant

Hannel
  • 1,656
  • 3
  • 10
  • 17
  • When I attempt to login, I am using an account that is associated with an Azure Tenant. In other words, the account I am attempting to login with is controlled via Azure Active Directory. Could you elaborate if you meant something else? –  Oct 31 '18 at 21:43