Low severityauthentication
Power BI Error:
AADSTS50101
What does this error mean?
Microsoft Entra ID (Azure AD) rejected sign-in because a claims-mapping policy references a transformer name that doesn't exist.
Common causes
- 1Typo or wrong casing in the TransformationMethod name inside the claims-mapping policy JSON
- 2Use of a transformation method that isn't supported by Entra ID's claims transformer set
- 3Malformed ClaimsMappingPolicy definition (missing Source/ID/TransformationMethod fields)
- 4Policy assigned to the wrong service principal, referencing transformers from another app's schema
- 5Custom claims transformation that was deprecated or never existed in the directory
How to fix it
- 1Retrieve the claims-mapping policy with Get-MgPolicyClaimMappingPolicy (or Graph API) and inspect the Definition JSON for the principal in the error
- 2Validate every TransformationMethod value against Microsoft's supported list (e.g. Join, ExtractMailPrefix, ToLowercase, ToUppercase, Trim, RegexReplace) — fix typos and casing
- 3Re-create the policy with corrected JSON via New-MgPolicyClaimMappingPolicy, then re-assign it to the service principal with Add-MgServicePrincipalClaimMappingPolicyByRef
- 4Test sign-in in an InPrivate browser session and capture the new correlation ID; if it still fails, temporarily detach the policy to confirm it's the source
- 5If the policy was provisioned by an SSO/IdP integration tool, re-run that tool's setup so it regenerates a valid claims-mapping policy