AADSTS50105 - The signed in user is not assigned to a role for the application

Context

You receive error AADSTS50105 when attempting to sign into the IriusRisk UI when using Azure AD SAML-based SSO.

Root Cause

The user has not been given access to the application in Azure AD. The user must either be assigned directly to the application or be a member of a group that is. Keep in mind that nested groups cannot be used; instead, the group must be assigned to the application directly.

Note: Nested groups are not supported, and the group must be directly assigned to the application.

Resolution

This can be resolved by either:

• Assigning the user(s) to a group that is assigned to the application in Azure AD
• Assigning user(s) to the application in Azure AD directly