Why can I not get into this?

Dear @Alex Fotheringham,

The error message you're seeing, typically means the user is trying to access a Microsoft 365 resource (like SharePoint Online) using an identity that doesn't belong to your organization's Azure Active Directory (AAD) tenant.

This usually happens when:

• The user is signed in with a personal Microsoft account (MSA) instead of their work account.
• The user isn't properly added as a guest/external user to your Azure AD tenant.

Please refer to this document: Error AADSTS50020 - User account from identity provider does not exist in tenant | Microsoft Learn

Some steps I'd recommend are:

1. Confirm the Sign-in identity: Make sure the user is logging in using their work/school account and not a personal email. If using multiple accounts in the browser, advise the user to sign out of all sessions, and then sign in only with their work account.
2. Add the User as a Guest (if needed): If the user is external to your organization, follow this guide to add it: Quickstart: Add a guest user and send an invitation - Microsoft Entra External ID | Microsoft Learn.

I hope this helps clarify the process for you.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".   

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

The error means the Gmail-based Microsoft account being used is not a member of the “Collective Wellness Group” Microsoft Entra ID (Azure AD) tenant, so it cannot access that organization’s SharePoint Online.

Key points from the message:

• Identity provider: live.com → this is a personal Microsoft account (e.g., Outlook.com/Hotmail.com/Gmail registered as an MSA).
• Tenant: Collective Wellness Group → this is an organizational Microsoft 365 tenant.
• Application: SharePoint Online.
• Requirement: The account must either exist in that tenant or be added as a guest (external) user.

To resolve this:

1. Verify the correct account
   • Sign out of all Microsoft accounts in the browser.
   • Sign back in using the work/school account that belongs to the “Collective Wellness Group” tenant (usually not a Gmail-based personal account, but something like ******@companydomain.com).
   • Then try accessing SharePoint again.
2. If only a personal account is available
   • Contact the organization’s Microsoft 365/SharePoint administrator (IT/helpdesk) and provide the error text.
   • Ask them to add the Gmail-based Microsoft account as a guest user in their tenant and grant access to the required SharePoint site.
3. If the app is intended for multiple tenants or personal accounts
   • The app registration must use the correct sign-in endpoint. For example, for multitenant apps or apps that support personal accounts, the sign-in URL should be one of:
     • https://login.microsoftonline.com/organizations (multitenant)
     • https://login.microsoftonline.com/common (multitenant + personal accounts)
     • https://login.microsoftonline.com/consumers (personal accounts only)
   • This is configured in the app’s Authority setting and must match the supported account types.

If access is expected specifically to the “Collective Wellness Group” SharePoint, the practical fix is usually to either use the correct organizational account or have the admin add the current account as an external (guest) user.

References:

• Error AADSTS50020 - User account from identity provider does not exist in tenant
• Universal Print troubleshooting guide