How can we improve Azure Active Directory?

← Azure Active Directory

Provide a better end user message for "We received a bad request" or AADSTS50105 message when user doesn't have permission to an application

When using SAML-based SSO within Azure via a built-in app, or a custom non-gallery application, the error message that end users receive when they are not in a group that provides access is confusing.

Users could attempt to access the application if someone sends them the "User access URL", and the message that they receive is the following:

"Sorry, but we’re having trouble signing you in.
We received a bad request."

In very, very small text at the bottom of the screen, it says:
"Additional technical information:
Correlation ID: XXXXX
Timestamp: 2017-08-10
AADSTS50105: The signed in user 'user.name@contoso.com' is not assigned to a role for the application 'xxxxxx'.

Please update the text near the top of the screen to make it clear that the user has not been grated access to the application and to contact their administrator so that they do not think that something is broken. Attached is a screenshot.

Thank you.

13 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

2 comments

Attach a File
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Hermann commented  ·   ·  Flag as inappropriate

    We have a lot of staff with this error as well. Microsoft when can we get this?

  • Anonymous commented  ·   ·  Flag as inappropriate

    Yes, we're eager to have such a possibility too, would be very helpful for the end-users to understand what's going on.

Azure Active Directory: End user experiences

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice