SAP Knowledge Base Article - Public

3160979 - SSO with Azure AD, AADSTS50105 error when signing in to Signavio

Symptom

When logging in to Signavio using Single Sign-On (SSO), the following SSO provider pop-up window appears.

Message: AADSTS50105: The signed in user 'sample.user@signavio.com' is not assigned to a role for the application 'ff5894b0-953a-464d-9e27-51abb7c34e1c'(Signavio).

or

Message: AADSTS50105: Your administrator has configured the application SIGNAVIO ('...') to block users unless they are specifically granted (‘assigned’) access to the application. The signed in user 'sample.user@signavio.com' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application.

Resolution

Please contact the Single Sign-On (SSO) Administrator, or specifically, the Azure Active Directory (AD) Administrator, and ask them to add the user to the Azure Enterprise Application "Signavio".
Please note that the error is not generated by the Signavio software.
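
For the Azure AD administrator, the check and the assignment can be scripted with Microsoft Graph PowerShell. This is an added example, not part of the SAP article or the Signavio documentation; it assumes the Microsoft.Graph module is installed, that the enterprise application's display name is exactly "Signavio", and it uses variable names ($upn, $appName, $assign, $roleId) chosen here for illustration.

```powershell
# Added example: check why a user gets AADSTS50105 and, optionally, assign them.
# Assumptions: Microsoft.Graph module installed; the caller may manage app role assignments.
Connect-MgGraph -Scopes 'Application.Read.All', 'User.Read.All', 'AppRoleAssignment.ReadWrite.All'

$upn     = 'sample.user@signavio.com'  # user named in the error message
$appName = 'Signavio'                  # enterprise application display name (assumed)
$assign  = $false                      # set to $true to create the assignment

# Resolve the enterprise application (service principal) and the user.
$sp = @(Get-MgServicePrincipal -Filter "displayName eq '$appName'")
if ($sp.Count -ne 1) { throw "Expected exactly one enterprise application named '$appName', found $($sp.Count)." }
$sp   = $sp[0]
$user = Get-MgUser -UserId $upn

# AADSTS50105 only occurs when the application requires user assignment.
"Assignment required for '$appName': $($sp.AppRoleAssignmentRequired)"

# Direct assignments of this user to the application.
# Access granted through group membership is not listed by this call.
$existing = Get-MgUserAppRoleAssignment -UserId $user.Id -All |
    Where-Object { $_.ResourceId -eq $sp.Id }

if ($existing) {
    "User already has a direct assignment (app role id: $($existing.AppRoleId -join ', '))."
    return
}
"No direct assignment found for $upn."

# Roles a user may be assigned; review these instead of picking one blindly.
$roles = @($sp.AppRoles | Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' })
$roles | Select-Object DisplayName, Id | Format-Table

if ($assign) {
    # The all-zero id is "default access", valid only when the app defines no roles.
    $roleId = if ($roles.Count -gt 0) { $roles[0].Id } else { '00000000-0000-0000-0000-000000000000' }
    New-MgUserAppRoleAssignment -UserId $user.Id -PrincipalId $user.Id `
        -ResourceId $sp.Id -AppRoleId $roleId
    "Assigned $upn to '$appName' with app role id $roleId."
}
```

If the application defines several roles, replace the automatic choice of the first role with the specific role the user should hold.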

Microsoft Reference

(As at May, 2020)

https://docs.microsoft.com/en-au/azure/active-directory/develop/reference-aadsts-error-codes

Authentication and authorization error codes

...

AADSTS50105

EntitlementGrantsNotFound - The signed in user is not assigned to a role for the signed in app. Assign the user to the app.
For more information: https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery#user-not-assigned-a-role.

(NOTE: The error prefix AADSTS stands for Azure Active Directory Security Token Service).

Signavio References

SigDoc: Workspace administration > Managing users and access rights > Setting up single sign-on for your workspace

SaaS: Configuring SSO with Azure AD (SSO)

Keywords

KBA , BPI-SIG-CA-SEC-SAM , SAML 2.0 for SAP Signavio , How To

Product

SAP Signavio Process Manager all versions ; Signavio Process Manager all versions