What causes AADSTS50056?

Newly created Entra ID (Azure AD) user account that has never had a password set or where initial password setup was skipped. Federated user (e.g. ADFS, Okta, Ping) attempting cloud password authentication instead of being redirected to the home realm IdP. Guest/B2B user trying to sign in with a password against the resource tenant instead of their home tenant. Password was cleared or reset by an admin via Microsoft Graph / PowerShell without communicating the temporary credential to the user. Account is configured for passwordless authentication only (FIDO2, Windows Hello, certificate-based) but a password-based flow was attempted

How do I fix AADSTS50056?

Have the user reset their password at https://passwordreset.microsoftonline.com (or have an admin issue a temporary password via the Entra admin center → Users → Reset password). If the user is federated, verify the domain's federation settings (Get-MgDomainFederationConfiguration) and ensure the sign-in flow redirects to the on-prem IdP instead of prompting for a cloud password. For guest users, confirm they are signing in with their home-tenant credentials and that the B2B invitation has been redeemed. Check the user object in the Entra admin center for 'Password never set' or a passwordless-only authentication method, and provision the appropriate credential. For service accounts used by Power BI gateways, ADF linked services, or Fabric data connections, rotate the credential and update the stored connection — not the interactive user flow

High severityauthentication

Power BI Error:
AADSTS50056

What does this error mean?

User signed in to Microsoft Entra ID (Azure AD) without a valid password stored in the directory for their account.

Common causes

1Newly created Entra ID (Azure AD) user account that has never had a password set or where initial password setup was skipped
2Federated user (e.g. ADFS, Okta, Ping) attempting cloud password authentication instead of being redirected to the home realm IdP
3Guest/B2B user trying to sign in with a password against the resource tenant instead of their home tenant
4Password was cleared or reset by an admin via Microsoft Graph / PowerShell without communicating the temporary credential to the user
5Account is configured for passwordless authentication only (FIDO2, Windows Hello, certificate-based) but a password-based flow was attempted

How to fix it

1Have the user reset their password at https://passwordreset.microsoftonline.com (or have an admin issue a temporary password via the Entra admin center → Users → Reset password)
2If the user is federated, verify the domain's federation settings (Get-MgDomainFederationConfiguration) and ensure the sign-in flow redirects to the on-prem IdP instead of prompting for a cloud password
3For guest users, confirm they are signing in with their home-tenant credentials and that the B2B invitation has been redeemed
4Check the user object in the Entra admin center for 'Password never set' or a passwordless-only authentication method, and provision the appropriate credential
5For service accounts used by Power BI gateways, ADF linked services, or Fabric data connections, rotate the credential and update the stored connection — not the interactive user flow

Frequently asked questions

What does AADSTS50056 mean?

Invalid or null password: password doesn't exist in the directory for this user. The user should be asked to enter their password again.

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes