What causes AADSTS50162?

Excessive number of claims transformation rules configured on the app registration's claims-mapping policy. Complex regex or chained transformations (e.g. RegexReplace, Join) that are expensive to evaluate per token. Large directory extension or source attribute lookups feeding the transformation pipeline. Transient load on the Entra ID claims-issuance service causing the evaluation to exceed its timeout. Custom SAML/OIDC claims policy applied to a service principal with many group or role claims to resolve

How do I fix AADSTS50162?

Retry the sign-in once — Microsoft documents that a single retry can succeed if the timeout was transient. Identify the affected app: in the Entra ID portal go to Enterprise Applications → the failing app → Single sign-on / Token configuration, and review the Claims and Claims-mapping policy. Reduce complexity: remove unused optional claims, collapse chained RegexReplace/Join transformations, and avoid pulling rarely-used directory extensions into every token. Inspect the claims-mapping policy via Microsoft Graph (`policies/claimsMappingPolicies`) and trim or split rule sets that exceed reasonable size. If group claims are the source of bloat, switch to `groupMembershipClaims = ApplicationGroup` or use group filtering so only assigned groups are emitted. Escalate to your Entra ID / Azure AD administrator with the correlation ID from the error if simplification is not possible

Low severityauthentication

Power BI Error:
AADSTS50162

What does this error mean?

Azure AD / Entra ID aborted sign-in because configured claims transformation rules took too long to evaluate.

Common causes

1Excessive number of claims transformation rules configured on the app registration's claims-mapping policy
2Complex regex or chained transformations (e.g. RegexReplace, Join) that are expensive to evaluate per token
3Large directory extension or source attribute lookups feeding the transformation pipeline
4Transient load on the Entra ID claims-issuance service causing the evaluation to exceed its timeout
5Custom SAML/OIDC claims policy applied to a service principal with many group or role claims to resolve

How to fix it

1Retry the sign-in once — Microsoft documents that a single retry can succeed if the timeout was transient
2Identify the affected app: in the Entra ID portal go to Enterprise Applications → the failing app → Single sign-on / Token configuration, and review the Claims and Claims-mapping policy
3Reduce complexity: remove unused optional claims, collapse chained RegexReplace/Join transformations, and avoid pulling rarely-used directory extensions into every token
4Inspect the claims-mapping policy via Microsoft Graph (`policies/claimsMappingPolicies`) and trim or split rule sets that exceed reasonable size
5If group claims are the source of bloat, switch to `groupMembershipClaims = ApplicationGroup` or use group filtering so only assigned groups are emitted
6Escalate to your Entra ID / Azure AD administrator with the correlation ID from the error if simplification is not possible

Frequently asked questions

What does AADSTS50162 mean?

Claims transformation has timed out. This indicates too many or too complex transformations may have been configured for this application. A retry of the request may succeed. Otherwise, please contact

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes