Jump to content

Employee Portal going live - 'Basic' users denied access: AADSTS50105

Mark (ESC)

Recommended Posts

About to launch the portal quite soon, but hit an issue at the get go.

User who use HornBill who are 'user' are able to navigate to the URL, but 'Basic' users get the message below.

Guessing I need to assign all 'Basic' users a role ?


Sign in

Sorry, but we’re having trouble with signing you in.

AADSTS50105: The signed in user 'user@domain' is not assigned to a role for the application '9c93831d-8130-48af-8ba8-d1d7750d87b0'(Hornbill - Live).


Link to comment
Share on other sites

  • Mark (ESC) changed the title to Employee Portal going live - 'Basic' users denied access

Hi Mark,

in order to access self-service, Basic Users require the following roles:

* Basic User Role
* Self Service User

You'll find this information here on our wiki: https://wiki.hornbill.com/index.php?title=Roles under the section "Which roles should I associate?"

However, what you've posted there (AADSTS50105) looks like an exception generated by Microsoft Azure so (assuming your basic users have the right roles in Hornbill) this is probably not directly related to Hornbill. If you're getting this message I'd speculate you have Single Sign On configured to some degree and you have Azure acting as your identity provider (IDP) i.e. the thing that authenticates users.

Azure, as an IDP, provides a layer of governance in terms of which users are actually permitted to use an application (in this case Hornbill). The error here could be due to the fact that you haven't permitted users within your organisation to access the Hornbill application. This is done by associating user objects to the Hornbill Application which exists in your Azure tenant. This Microsoft document outlines this: https://docs.microsoft.com/en-in/azure/active-directory/manage-apps/add-application-portal-assign-users

I'd suggest you speak with your Azure administrator who will be able to check the situation with Single Sign On and also app permissions in Azure. For reference, our documentation relating to Single Sign On can be found here https://wiki.hornbill.com/index.php?title=Single_Sign_On_with_SAML_2.0

I hope that helps.

Best Regards,

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

  • DanielRi changed the title to Employee Portal going live - 'Basic' users denied access: AADSTS50105

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...