What causes AADSTS50058?

Silent authentication request (prompt=none) sent while the user has no active Entra ID / Azure AD session in the browser. Session cookie expired, cleared, or blocked (third-party cookies, private/incognito mode, ITP in Safari). User signed out of Microsoft 365 / Power BI in another tab, invalidating the SSO session. Conditional Access or session lifetime policy forced re-authentication. MSAL.js or ADAL configured with login_hint/SSO but no matching session exists for that account

How do I fix AADSTS50058?

Catch the AADSTS50058 response in your auth library and trigger an interactive sign-in (acquireTokenRedirect / acquireTokenPopup in MSAL) instead of treating it as a hard error. Verify the browser allows third-party cookies for login.microsoftonline.com — ITP/strict tracking protection often breaks the hidden iframe used for silent SSO. If using MSAL.js, prefer ssoSilent() with a loginHint or sid claim from a previous ID token rather than a blind prompt=none call. Check Conditional Access policies in the Entra admin center for sign-in frequency or session controls that force re-auth. For Power BI Embedded / embedded apps: ensure the embedding page and the auth domain share a top-level browsing context, or switch to the master-user / service-principal flow

Low severityauthentication

Power BI Error:
AADSTS50058, user session not found

What does this error mean?

Silent (prompt=none) sign-in to Microsoft Entra ID (Azure AD) failed because no active user session was found.

Common causes

1Silent authentication request (prompt=none) sent while the user has no active Entra ID / Azure AD session in the browser
2Session cookie expired, cleared, or blocked (third-party cookies, private/incognito mode, ITP in Safari)
3User signed out of Microsoft 365 / Power BI in another tab, invalidating the SSO session
4Conditional Access or session lifetime policy forced re-authentication
5MSAL.js or ADAL configured with login_hint/SSO but no matching session exists for that account

How to fix it

1Catch the AADSTS50058 response in your auth library and trigger an interactive sign-in (acquireTokenRedirect / acquireTokenPopup in MSAL) instead of treating it as a hard error
2Verify the browser allows third-party cookies for login.microsoftonline.com — ITP/strict tracking protection often breaks the hidden iframe used for silent SSO
3If using MSAL.js, prefer ssoSilent() with a loginHint or sid claim from a previous ID token rather than a blind prompt=none call
4Check Conditional Access policies in the Entra admin center for sign-in frequency or session controls that force re-auth
5For Power BI Embedded / embedded apps: ensure the embedding page and the auth domain share a top-level browsing context, or switch to the master-user / service-principal flow

Frequently asked questions

What does AADSTS50058 mean?

Session information isn't sufficient for single-sign-on. This means that a user isn't signed in. This is a common error that's expected when a user is unauthenticated and hasn't yet signed in.

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes