Common validation errors

Users attempting to sign on to Tenant Management services may encounter the following error messages. Refer to these descriptions for troubleshooting and resolution.

Important! User names are in the User Principal Name (UPN) format (for example, jdoe@domain.com). This is similar to the standard email address format and may or may not match your actual email address. If you encounter a sign-in error, make sure that you are using your UPN, or contact your administrator to confirm your UPN account name.

Custom sign-in errors

  • E_NO_USER. The user has been successfully authenticated by Azure Active Directory, but there is no corresponding user entry in the Identity database. The user's UPN name (not the user's email address) needs to be added to the target tenant in Identity.

  • E_TENANT_NOT_ALLOWED. The user has been successfully authenticated by Azure Active Directory, and a user entry with a matching UPN exists in the Identity database. However, all tenants associated with the user are disabled. The user's UPN needs to be linked to an active tenant, or the user's tenant needs to be re-enabled.

  • E_NO_ASSOCIATED_TENANTS. The user has been successfully authenticated by Azure Active Directory, and a user entry with a matching UPN exists in the Identity database. However, the user does not belong to any active tenants. One probable reason is that the user's original tenant has been removed. The user's UPN needs to be added to an active tenant in Identity.

  • E_NO_TENANT_SPONSOR. There is no tenant to which the user has any entitlement.

    A user becomes entitled when either of these statements is true:

    • The user has membership in at least one role.

    • The tenant has at least one application that does not require any roles (tenant-wide).

  • E_NOT_ENTITLED. The user explicitly requested a tenant context without being entitled to it.

    A user becomes entitled when either of these statements is true:

    • The user has membership in at least one role.

    • The tenant has at least one application that does not require any roles (tenant-wide).

    A sign-in request to a specific tenant may arrive in any of the following scenarios:

    • The user initiates tenant switching, but the entitlement has recently been revoked.

    • The user navigates to a deep link (a saved or shared URL that contains a specific tenant ID).

    • The user begins using the portal which opens the most recently used tenant context.

  • E_USER_SIGN_IN_TIMEDOUT. The sign-in procedure took too long. The most common cause for this error is keeping any of the following Azure AD authentication forms open for several minutes.

Technical errors

The following errors require further investigation either by Itron or Microsoft:

  • E_INVALID_CLIENT_FLOW

  • E_NO_TENANTID_CLAIM

  • E_ID_NOT_PROVIDED

  • E_IDP_UNKNOWN

  • E_AUTH_SCHEME_UNREGISTERED

  • E_IDP_UNREACHABLE

Detailed descriptions provided with these errors need to be shared with Itron Support for any further troubleshooting.