Mark (ESC) Posted October 28, 2020 Share Posted October 28, 2020 About to launch the portal quite soon, but hit an issue at the get go. User who use HornBill who are 'user' are able to navigate to the URL, but 'Basic' users get the message below. Guessing I need to assign all 'Basic' users a role ? Sign in Sorry, but we’re having trouble with signing you in. AADSTS50105: The signed in user 'user@domain' is not assigned to a role for the application '9c93831d-8130-48af-8ba8-d1d7750d87b0'(Hornbill - Live). Link to comment Share on other sites More sharing options...
James Ainsworth Posted October 28, 2020 Share Posted October 28, 2020 Hi Mark, I'm having a look to see if I can confirm which roles are needed. I'm assuming at the moment that basic users need the Basic User role. Could you provide a screen shot of the roles that you currently have assigned to the basic users? James Link to comment Share on other sites More sharing options...
Hornbill Staff DR Posted October 28, 2020 Share Posted October 28, 2020 Hi Mark, in order to access self-service, Basic Users require the following roles: * Basic User Role * Self Service User You'll find this information here on our wiki: https://wiki.hornbill.com/index.php?title=Roles under the section "Which roles should I associate?" However, what you've posted there (AADSTS50105) looks like an exception generated by Microsoft Azure so (assuming your basic users have the right roles in Hornbill) this is probably not directly related to Hornbill. If you're getting this message I'd speculate you have Single Sign On configured to some degree and you have Azure acting as your identity provider (IDP) i.e. the thing that authenticates users. Azure, as an IDP, provides a layer of governance in terms of which users are actually permitted to use an application (in this case Hornbill). The error here could be due to the fact that you haven't permitted users within your organisation to access the Hornbill application. This is done by associating user objects to the Hornbill Application which exists in your Azure tenant. This Microsoft document outlines this: https://docs.microsoft.com/en-in/azure/active-directory/manage-apps/add-application-portal-assign-users I'd suggest you speak with your Azure administrator who will be able to check the situation with Single Sign On and also app permissions in Azure. For reference, our documentation relating to Single Sign On can be found here https://wiki.hornbill.com/index.php?title=Single_Sign_On_with_SAML_2.0 I hope that helps. Best Regards, Dan Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now