azure active directory – User not allowed by policy conditions – Entra External ID for customers

I am using External ID for my customer tenant, authenticating via an Angular SPA.

My setup is identical to what is described in this article:

I downloaded the sample app provided by Microsoft, replaced the auth config my details and attempted to login with a personal email account. I am able to create a new account inside the tenant but when the app attempts to retrieve a token the following error is returned.

    "error": "invalid_grant",
    "error_description": "AADSTS131010: User not allowed by policy conditions. Trace ID: b989b1cf-f73e-4d3e-b23e-a35907f50000 Correlation ID: 11dee46b-a316-4265-9a90-5810cd78f395 Timestamp: 2024-01-23 01:50:02Z",
    "error_codes": [
    "timestamp": "2024-01-23 01:50:02Z",
    "trace_id": "b989b1cf-f73e-4d3e-b23e-a35907f50000",
    "correlation_id": "11dee46b-a316-4265-9a90-5810cd78f395",
    "suberror": "bad_token"

I can also see the failed request in Entra. Not what to do at this point other than start from scratch and see if that resolves the issue. Any thoughts?

enter image description here

enter image description here

enter image description here

Read more here: Source link