SAML Single Sign-OnSAML Single Sign-On
Try For Free

The signed in user is not assigned to a role for the application

Problem

When using SSO with Azure AD you might receive an error from Azure after providing the username and password:
The signed in user is not assigned to a role for the application

AADSTS50105: The signed in user 'azure-username' is not assigned to a role for the application 'a33eedec-d848-4552-bb59-af60a2aeb63c'(name-of-the-sso-enterprise-app in Azure).

image2019-10-17_10-30-24.png

Solution

If you don't allow all users to access to SAML SSO via Azure (described in all of our Azure AD SSO setup guides,
i.e. here: Azure AD Enterprise app configuration),  you need to add the user to the SSO app you've created.

In the below screenshot User assignment required is enabled (usually we recommend to disabled it)

user assignment required enabled - server and data center product

If you need to keep these settings, you'd need to assign the users via Users and groups

assign user - server and data center product


As this can become quite an effort when managing many users, Azure also allows that for groups, but not with every Azure AD subscription plan.



SAML Single Sign-On is available for Atlassian Server & Atlassian Data Center products.  Our Jira Data CenterConfluence Data CenterBtibucket Data CenterJira ServerConfluence ServerBitbucket Server and other apps are all available on the Atlassian Marketplace. 

This site uses cookies to deliver its service & to analyse traffic. By browsing this site, you accept the privacy policy.

Our Wiki uses cookies

We want to give you the best possible experience on our website. For this we use technically required cookies and, if you agree, cookies for analysis and marketing purposes. You can find more information about the cookies in our Privacy Policy. By tapping ‘Accept All,’ you consent to the use of these methods by us and third parties.

Necessary
Always Active
Analytics
Advertisement
Other