Skip to content

External Member with Owner Access is not authorized to Auto-Start VM via Logic Apps #1481

New issue
New issue
Open
Open
External Member with Owner Access is not authorized to Auto-Start VM via Logic Apps#1481
Labels
bug
@shubham-plumm

Description

@shubham-plumm
shubham-plumm
opened on Nov 17, 2025

Severity

P1 - Critical (Blocking production)

Describe the Bug with repro steps

Expected Behaviour:
It should authenticate and allow Auto Start VM logic app to Pass.

Actual Behaviour:
My email is shubham@heplumm.com. I have 2 tenants in same company. "1st Tenant Plumm" is having users and "2nd Tenant Default Directory" is having VMs. I was invited to Tenant 2 Default Directory. I was given Tenant's Global Admin and Owner access on subscription. Subscription has VMs. I created a logic app task to Auto Start a VM but it fails every time with below msg. From what I understand is that its not accepting my email ID but I have global admin and owner and so it should accept it. I can't create a new user just to authorize logic apps.
"{
"error": {
"code": "InvalidAuthenticationTokenTenant",
"message": "The access token is from the wrong issuer 'https://sts.windows.net/56d21f97-9fe-a0c-a734-7c751c4913/'. It must match the tenant 'https://sts.windows.net/ac57a81f-2b7d-466d-9e4d-375cf2c9f' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/ac57a81f-2b7d-6d-9ed-375f2c9f6' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later."
}
}"

Steps to reproduce:

  1. Invite External User to tenant
  2. Make him Member and give him Global Admin and also Owner of Subscription
  3. Set Auto Start Logic App for a VM
  4. Authorize the Connection with External User email ID. It gets authorized for both Azure and Office 365.
  5. Enable the Auto Start VM task.
  6. It will fail every time with msg unauthorized with error code InvalidAuthenticationTokenTenant :(

What type of Logic App Is this happening in?

Consumption (Portal)

Are you experiencing a regression?

No

Which operating system are you using?

Windows

Did you refer to the TSG before filing this issue? https://aka.ms/lauxtsg

No

Workflow JSON



Screenshots or Videos

Image
Image

Environment


No issue with the environment.


Additional context


No response
Metadata
Metadata
Assignees
No one assigned
    Labels
    bug
    Type
    No type
    Projects
    No projects
    Milestone
    No milestone
    Relationships
    None yet
    Development
    No branches or pull requests
    Issue actions