Low severityauthentication
Power BI Error:
AADSTS50194
What does this error mean?
The app uses the /common endpoint but is registered as single-tenant in Microsoft Entra ID (Azure AD).
Common causes
- 1App registration in Microsoft Entra ID has 'Supported account types' set to single tenant, but the sign-in request hits the /common or /organizations endpoint
- 2Hardcoded authority URL using https://login.microsoftonline.com/common in Power BI Embedded, custom connectors, or service principal auth flows
- 3App was created after Microsoft enforced the single-tenant + /common restriction (apps registered after this cutoff cannot use /common at all)
- 4Copy-pasted OAuth/MSAL configuration from a multi-tenant sample without updating the authority to the tenant GUID
- 5ADF or Databricks linked service configured with /common while the underlying service principal is single-tenant
How to fix it
- 1Replace /common (or /organizations) in your authority URL with your tenant ID: https://login.microsoftonline.com/{tenantId} — find the tenant ID under Entra ID > Overview
- 2If the app genuinely needs to serve users from multiple tenants, open the app registration in Entra ID > App registrations > Authentication and change 'Supported account types' to 'Accounts in any organizational directory (multitenant)'
- 3After switching to multi-tenant, ensure 'Application ID URI' uses a verified domain (not the default api://{appId}) — single-tenant→multi-tenant requires this
- 4For Power BI Embedded / service principal scenarios: update the MSAL or ADAL config (authority parameter) in your embedding code or linked service to the tenant-specific endpoint
- 5If the app is consumed by external tenants, have an admin from each tenant grant consent via https://login.microsoftonline.com/{externalTenantId}/adminconsent?client_id={appId}