Low severityauthentication
Power BI Error:
AADSTS16002
What does this error mean?
Sign-in failed because the application required a specific session (SID) that did not match the user's current session.
Common causes
- 1The `sid` (session ID) parameter sent in the authorization request points to a session that has expired or been signed out
- 2The user is signed in with a different account than the one the `sid` was issued for (account switch / multi-account browser session)
- 3An SSO or embedded scenario (e.g. Power BI embedded, Teams app) cached an old session reference and replays it on a new sign-in attempt
- 4Conditional Access or session lifetime policy invalidated the original session before the app re-used the `sid`
- 5The application explicitly enforces `prompt=none` together with a `sid`/`login_hint` that no longer matches the browser session
How to fix it
- 1Sign out fully from all Microsoft accounts (login.microsoftonline.com/logout) and clear cookies for *.microsoftonline.com and *.microsoft.com, then retry the sign-in — this clears the stale session the SID was bound to
- 2If you are an end-user of Power BI, Fabric or a Power BI embedded app: close all browser tabs/windows, open a new private/incognito window, and sign in with the correct account before opening the workspace or report
- 3If you are the app developer/admin: remove the `sid` parameter (and `prompt=none`) from the `/authorize` request, or fall back to an interactive prompt when AADSTS16002 is returned, so Entra ID can establish a fresh session
- 4For embedded/SSO scenarios, ensure the embedding host passes the current user's token (or `login_hint`) instead of a cached `sid` from a previous session
- 5Review Conditional Access and token lifetime policies in Microsoft Entra admin center — short session lifetimes combined with `sid`-based silent auth will reproduce this error; align the silent-auth retry logic with the configured session lifetime