Error AADSTS50105 - The signed in user is not assigned to a role for the application

 

This article provides a resolution to the AADSTS50105 error that occurs during federated authentication with Azure Active Directory (Azure AD).

Symptoms

You receive the following error when trying to sign into an application that has been set up to use Azure AD for identity management using SAML-based Single Sign-On (SSO):

Error AADSTS50105 - The signed in user is not assigned to a role for the application.

Cause

The user hasn't been granted access to the application in Azure AD. The user must belong to a group that is assigned to the application, or be assigned directly.

Note

Nested groups are not supported, and the group must be directly assigned to the application.

Resolution

To assign one or more users to an application directly, see Quickstart: Assign users to an app.

More Information

For a full list of Active Directory authentication and authorization error codes, see Azure AD Authentication and authorization error codes.

Contact us for help

If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure community support.