Provide a better end user message for "We received a bad request" or AADSTS50105 message when user doesn't have permission to an application
When using SAML-based SSO within Azure via a built-in app, or a custom non-gallery application, the error message that end users receive when they are not in a group that provides access is confusing.
Users could attempt to access the application if someone sends them the "User access URL", and the message that they receive is the following:
"Sorry, but we’re having trouble signing you in.
We received a bad request."
In very, very small text at the bottom of the screen, it says:
"Additional technical information:
Correlation ID: XXXXX
Timestamp: 2017-08-10
AADSTS50105: The signed in user 'user.name@contoso.com' is not assigned to a role for the application 'xxxxxx'.
Please update the text near the top of the screen to make it clear that the user has not been grated access to the application and to contact their administrator so that they do not think that something is broken. Attached is a screenshot.
Thank you.

2 comments
-
Hermann commented
We have a lot of staff with this error as well. Microsoft when can we get this?
-
Anonymous commented
Yes, we're eager to have such a possibility too, would be very helpful for the end-users to understand what's going on.