How can we improve Azure Active Directory?

Provide a better end user message for "We received a bad request" or AADSTS50105 message when user doesn't have permission to an application

When using SAML-based SSO within Azure via a built-in app, or a custom non-gallery application, the error message that end users receive when they are not in a group that provides access is confusing.

Users could attempt to access the application if someone sends them the "User access URL", and the message that they receive is the following:

"Sorry, but we’re having trouble signing you in.
We received a bad request."

In very, very small text at the bottom of the screen, it says:
"Additional technical information:
Correlation ID: XXXXX
Timestamp: 2017-08-10
AADSTS50105: The signed in user 'user.name@contoso.com' is not assigned to a role for the application 'xxxxxx'."

Please update the text near the top of the screen to make it clear that the user has not been granted access to the application and to contact their administrator so that they do not think that something is broken. Attached is a screenshot.

Thank you.

13 votes

Anonymous shared this idea

2 comments

  • Anonymous commented

    Yes, we're eager to have such a possibility too, would be very helpful for the end-users to understand what's going on.
