Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-1010

Improve SSO enabled user login error messaging

XMLWordPrintable

    • 114

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Issue Summary

      An SSO-enabled user receives the below error when logging in if a user is not assigned to the Atlassian cloud application on IDP. 

      Message: AADSTS50105: The signed in user 'user@example.com' is not assigned to a role 
for the application '33333333-2222-1111-aaaa-ebbbbbbbb'(Atlassian Cloud).

      The message is confusing, and the administrator does not get clarity on where to check for user assignment. It would be better to mention about Atlassian cloud application on IDP

      Message: AADSTS50105: The signed in user 'user@example.com' is not assigned to a role 
for the application '33333333-2222-1111-aaaa-ebbbbbbbb'(Atlassian Cloud application on IDP).

      Steps to Reproduce

      1. Enable SAML SSO for an organization
      2. Do not assign a user to the Atlassian cloud application on Azure.
      3. Login user via SSO

      Expected Results

      The error message should be more clear and precise to the point administrator in the right direction.

      Workaround

      This is an Azure AD related error and Microsoft has published articles that go over the SAML Error Codes: https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts50105-user-not-assigned-role

              d056dd6d7b90 Holly Makris (Inactive)
              20d8b956adca Jayant Suneja
              Votes:
              4 Vote for this issue
              Watchers:
              19 Start watching this issue

                Created:
                Updated: