|
| 1 | +--- |
| 2 | + |
| 3 | +title: Error AADSTS500011 - Resource Principal Not Found |
| 4 | +description: Describes a problem in which a user experiences an AADSTS500011 error when trying to sign in to Microsoft Entra ID. |
| 5 | +author: custorod |
| 6 | +ms.author: custorod |
| 7 | +ms.service: entra-id |
| 8 | +ms.topic: troubleshooting-problem-resolution |
| 9 | +ms.date: 01/16/2025 |
| 10 | +ms.subservice: authentication |
| 11 | +ms.custom: sap:Issues Signing In to Applications |
| 12 | +--- |
| 13 | + |
| 14 | +# AADSTS500011 - Resource Principal Not Found |
| 15 | + |
| 16 | +This article describes a problem in which users experiences an "AADSTS500011" error when they try to sign in to Microsoft Entra ID. |
| 17 | + |
| 18 | +## Symptoms |
| 19 | + |
| 20 | +When users try to sign in to an application that uses Microsoft Entra ID authentication, they receive the following error message: |
| 21 | + |
| 22 | +> `AADSTS500011 - The resource principal named [resource URL] was not found in the tenant named [tenant ID]` |
| 23 | +
|
| 24 | +## Cause |
| 25 | + |
| 26 | +This issue occurs if the resource principal (the application or service) is not found in the tenant. This issue occurs if: |
| 27 | + |
| 28 | +- The resource application isn't provisioned by the administrator in the tenant. |
| 29 | +- The resource application isn't consented to by any user in the tenant. |
| 30 | +- The resource URL is not configured correctly. |
| 31 | +- The tenant ID is not correct. |
| 32 | + |
| 33 | +## Resolution |
| 34 | + |
| 35 | +To resolve this issue, follow these steps: |
| 36 | + |
| 37 | +1. **Verify resource application provisioning**: |
| 38 | + |
| 39 | + - Make sure that the application (resource principal) is registered correctly in your Microsoft Entra ID tenant. |
| 40 | + - Go to the [Azure portal](https://portal.azure.com), and navigate to Microsoft Entra ID > Enterprise applications. |
| 41 | + - Check whether the application is listed and correctly configured. |
| 42 | + |
| 43 | +1. **Consent to application**: |
| 44 | + - Make sure that the resource application has been consented to by an administrator or a user in the tenant. |
| 45 | + - Go to the [Azure portal](https://portal.azure.com), and navigate to Microsoft Entra > Enterprise applications. |
| 46 | + - Find the application, and make sure that it has the necessary permissions and consent. |
| 47 | + |
| 48 | +1. **Check resource URL**: |
| 49 | + - Verify that the resource URL that appears in the error message matches the resource application that you provisioned in your tenant ID. |
| 50 | + - Make sure that the authentication request is sent by using the correct resource URL. |
| 51 | + |
| 52 | +1. **Check tenant ID**: |
| 53 | + - Verify that the tenant ID that appears in the error message is the same as your tenant ID. |
| 54 | + - Make sure that the authentication request is sent to the correct Microsoft Entra ID tenant. |
| 55 | + |
| 56 | +## More information |
| 57 | + |
| 58 | +For a full list of authentication and authorization error codes, see [Microsoft Entra authentication and authorization error codes](/azure/active-directory/develop/reference-error-codes). |
| 59 | + |
| 60 | +To investigate individual errors, go to [https://login.microsoftonline.com/error](https://login.microsoftonline.com/error). |
| 61 | + |
| 62 | +[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)] |
0 commit comments