Low severityauthentication
Power BI Error:
AADSTS500011
What does this error mean?
The resource (API/app) you're authenticating against has no service principal in the target Microsoft Entra ID tenant.
Common causes
- 1The resource application has never been consented to or installed by an admin in the target tenant, so no service principal exists
- 2Authentication request is sent to the wrong tenant (e.g. /common or another tenant GUID instead of the tenant where the app is registered)
- 3The resource identifier (resource URI / Application ID URI) in the token request is misspelled or points to a non-existent app
- 4The service principal was deleted from the tenant while the application registration still exists in another directory
- 5Multi-tenant app missing admin consent in the customer tenant — first-time sign-in by a non-admin user fails before provisioning the service principal
How to fix it
- 1Verify the tenant ID in your authority URL (login.microsoftonline.com/{tenant}) matches the tenant where the resource app should live — switch from /common to the explicit tenant GUID if needed
- 2In the target tenant, go to Microsoft Entra ID → Enterprise applications and search for the resource app (by name or Application ID); if it's missing, the service principal needs to be provisioned
- 3Have a Global Administrator grant tenant-wide admin consent via the consent URL: https://login.microsoftonline.com/{tenant}/adminconsent?client_id={resource-app-id} — this creates the service principal
- 4Confirm the resource value in your token request (scope or resource parameter) matches the Application ID URI registered on the resource app, not a typo or stale GUID
- 5For Power BI / Fabric / ADF / Databricks gateway scenarios: re-check that the data source's configured Entra app (e.g. service principal for Power BI API or Storage) is registered AND consented in the same tenant as the workspace