Symptom
When logging in to Signavio using Single Sign-On (SSO), the following SSO provider pop-up window appears.
Message: AADSTS50105: The signed in user 'sample.user@signavio.com' is not assigned to a role for the application 'ff5894b0-953a-464d-9e27-51abb7c34e1c'(Signavio).
or
Message: AADSTS50105: Your administrator has configured the application SIGNAVIO ('...') to block users unless they are specifically granted (‘assigned’) access to the application. The signed in user 'sample.user@signavio.com' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application.
Resolution
Please contact the Single Sign-On (SSO) Administrator, or more specifically the Azure Active Directory (AD) Administrator, and ask them to add the user to the Azure Enterprise Application "Signavio".
Please note that the error is not generated by the Signavio software.
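For the Azure AD Administrator, the assignment can also be made from PowerShell. The script below is an added example, not part of the original article or of SAP or Microsoft material. It assumes the Microsoft Graph PowerShell SDK is installed, that the Enterprise Application's display name in your tenant is "Signavio", and it uses the sample user from the error message above.

```powershell
# Added example. The two values below are assumptions; adjust them to your tenant.
$AppDisplayName = 'Signavio'                   # Enterprise Application name used in this article
$UserUpn        = 'sample.user@signavio.com'   # user named in the AADSTS50105 message

Connect-MgGraph -Scopes 'Application.Read.All','User.Read.All','AppRoleAssignment.ReadWrite.All'

# Locate the Enterprise Application (service principal); refuse to guess if the name is ambiguous.
$sp = @(Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'")
if ($sp.Count -ne 1) { throw "Expected one service principal named '$AppDisplayName', found $($sp.Count)." }
$sp = $sp[0]

# The error text says the app blocks users unless they are assigned; confirm that setting.
"Assignment required for '$AppDisplayName': $($sp.AppRoleAssignmentRequired)"

$user = Get-MgUser -UserId $UserUpn

# Stop if the user already has a direct assignment to this application.
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Where-Object { $_.PrincipalId -eq $user.Id }
if ($existing) {
    "User $UserUpn is already directly assigned (AppRoleId $($existing.AppRoleId -join ', ')). Nothing to do."
    return
}

# Roles the application defines for users. With several roles, the administrator
# must choose one deliberately instead of the script picking one.
$roles = @($sp.AppRoles | Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' })
if ($roles.Count -gt 1) {
    $roles | Select-Object DisplayName, Value, Id | Format-Table
    throw 'Several app roles exist. Re-run with the intended role Id set explicitly.'
}

# When the app declares no roles, Azure AD uses the all-zero default role Id.
$roleId = if ($roles.Count -eq 1) { $roles[0].Id } else { '00000000-0000-0000-0000-000000000000' }

New-MgUserAppRoleAssignment -UserId $user.Id -PrincipalId $user.Id `
    -ResourceId $sp.Id -AppRoleId $roleId |
    Select-Object PrincipalDisplayName, ResourceDisplayName, AppRoleId, CreatedDateTime
```

If your organization grants access through groups, add the user to the group that is already assigned to the application instead of creating a direct assignment.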
Microsoft Reference
(As of May 2020)
https://docs.microsoft.com/en-au/azure/active-directory/develop/reference-aadsts-error-codes
Authentication and authorization error codes
...
AADSTS50105
EntitlementGrantsNotFound - The signed in user is not assigned to a role for the signed in app. Assign the user to the app.
For more information: https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery#user-not-assigned-a-role.
(NOTE: The error prefix AADSTS stands for Azure Active Directory Security Token Service).
Keywords
KBA , BPI-SIG-CA-SEC-SAM , SAML 2.0 for SAP Signavio , How To