Low severity | authentication
Power BI Error:
AADSTS50068, Sign-out failed
What does this error mean?
The app that initiated sign-out isn't a participant in the current Microsoft Entra ID (Azure AD) session.
Common causes
1. The sign-out request comes from an app (client_id) that never participated in the current SSO session — user authenticated via a different relying party
2. Mismatch between the issuer/audience of the original id_token and the app initiating the front-channel or back-channel logout
3. Stale or cross-tenant session: user switched accounts/tenants, but the old session cookie is still being used for the logout redirect
4. SAML SLO misconfiguration — wrong LogoutURL, missing SP entry in Entra ID, or the SAML request is signed by a different entity than the session participant
5. Multiple browser tabs/apps sharing cookies where one app tries to end a session it didn't establish (common with embedded Power BI / Fabric scenarios)
How to fix it
1. Clear all browser cookies for login.microsoftonline.com and login.live.com, then close the browser completely and sign in fresh — this resolves the majority of stale-session cases
2. Verify the app's client_id (or SAML EntityID) matches the one that issued the original id_token — check the aud/iss claims in the token used to start the session
3. In Entra ID → App registrations → Authentication, confirm the Front-channel logout URL and Redirect URIs are registered for the exact app initiating sign-out
4. For SAML apps: in Entra ID → Enterprise applications → [your app] → Single sign-on, ensure the Logout URL is configured and the signing certificate matches the SP that sends the LogoutRequest
5. If embedding Power BI / Fabric content, ensure the host app and the embedded session share the same tenant and that you call the Power BI logout endpoint before the host app's logout
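
The aud/iss check from step 2, as an added example that is not part of the original page or of any Microsoft tooling. The function names, GUIDs and token below are constructed for illustration; the payload is decoded for diagnosis only and its signature is not verified.

```python
import base64
import json
from urllib.parse import urlparse

def b64url(data: bytes) -> str:
    """base64url-encode without padding, as JWT segments are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_jwt_payload(token: str) -> dict:
    """Decode a JWT payload for diagnostics. The signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated segments")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def logout_mismatches(id_token: str, client_id: str, tenant_id: str) -> list:
    """Compare the session id_token's aud/iss with the app that wants to sign out."""
    claims = decode_jwt_payload(id_token)
    problems = []
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id.lower() not in [str(a).lower() for a in audiences]:
        problems.append(f"aud={aud!r} was not issued to client_id {client_id!r}")
    # Entra ID issuers carry the tenant GUID as the first path segment, e.g.
    # https://login.microsoftonline.com/<tenant>/v2.0 or https://sts.windows.net/<tenant>/
    iss = claims.get("iss", "")
    iss_tenant = urlparse(iss).path.strip("/").split("/")[0]
    if iss_tenant.lower() != tenant_id.lower():
        problems.append(f"iss={iss!r} is not tenant {tenant_id!r}")
    return problems

# Constructed sample values (not real identifiers).
APP_A = "11111111-1111-1111-1111-111111111111"   # app that signed the user in
APP_B = "33333333-3333-3333-3333-333333333333"   # app that sends the sign-out
TENANT = "22222222-2222-2222-2222-222222222222"
SAMPLE_TOKEN = ".".join([
    b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url(json.dumps({"aud": APP_A,
                       "iss": f"https://login.microsoftonline.com/{TENANT}/v2.0"}).encode()),
    "constructed-signature",
])

if __name__ == "__main__":
    print(logout_mismatches(SAMPLE_TOKEN, APP_A, TENANT))  # app that holds the session
    print(logout_mismatches(SAMPLE_TOKEN, APP_B, TENANT))  # app that never joined it
```

An empty list means the app initiating sign-out is the one the id_token was issued to; any entry points at the mismatch described under cause 2.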