Problem

When using SSO for Jira Data Center or SSO for Confluence Data Center with Azure AD you might receive an error from Azure after providing the username and password:
The signed in user is not assigned to a role for the application

AADSTS50105: The signed in user 'azure-username' is not assigned to a role for the application 'a33eedec-d848-4552-bb59-af60a2aeb63c'(name-of-the-sso-enterprise-app in Azure).

Solution

If you don't allow all users to access the SAML SSO for Atlassian Data Center app via Azure (described in all of our Azure AD SSO setup guides,
i.e. here: Azure AD Enterprise app configuration), the user must be directly added to the SSO app you've created.

In the below screenshot User assignment required is enabled (usually we recommend to disable it)

If you need to keep these settings, you'd need to assign the users via Users and groups

As this can become quite an effort when managing many users, Azure also allows that for groups, but not with every Azure AD subscription plan.