Problem
A managed account enforced with SSO through Microsoft Azure AD may encounter the AADSTS50105 error code.
- The managed account is logging into Atlassian cloud.
- The user is automatically redirected to the Microsoft login page for authentication.
- The user is able to authenticate with the Microsoft UPN and password.
- The following error is then returned to the user:
AADSTS50105: Your administrator has configured the application Atlassian Cloud
('<APPLICATION_ID>') to block users unless they are specifically granted ('assigned')
access to the application. The signed in user '<email address>' is blocked because
they are not a direct member of a group with access, nor had access directly assigned
by an administrator. Please contact your administrator to assign access to this application.
Cause
The Azure AD account has not been granted permission to authenticate via the Azure AD application configured for SSO with Atlassian Access.
If SAML SSO is enabled for the user's account, the user is affected by the SAML SSO settings.
In this case, the user won't be able to access any Atlassian cloud product or instance until an Azure admin fixes the problem in Azure for their account.
Users will receive the error AADSTS50105 when they attempt to log in via SAML SSO before they have been assigned to the Atlassian Cloud App in Azure AD.
Resolution
Please contact your company admin and request that they ask your Azure AD administrators to fix the error.
In this case, the admins of the organization need to contact the Azure admins and ask them to fix the error. Alternatively, the admins of the organization can create an authentication policy that does not enforce SAML SSO for its members and add the affected users' accounts to this policy, so they can log in to Atlassian products using their email and Atlassian account password instead of Azure credentials.
The Azure AD administrators can perform either of the following:
Option 1: Allow anyone in Azure AD to authenticate via Atlassian cloud application
- Go to https://aad.portal.azure.com/
- Navigate to Enterprise Application > Atlassian Cloud
- Open the Properties settings
- Set the "
- Save
Option 2: Grant the permission to the specific account that is facing the AADSTS50105 error.
- Go to https://aad.portal.azure.com/
- Navigate to Enterprise Application > Atlassian Cloud
- Open the Users and Groups settings
- Assign the account directly to the application or add the account as a member of any groups already assigned.
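Before changing anything, an Azure AD administrator can confirm why a given account is blocked. The following read-only check is an added example, not part of the original Atlassian article. It assumes the Microsoft Graph PowerShell module is installed and that the enterprise application is named Atlassian Cloud as in the error text; the UPN shown is a constructed placeholder.

```powershell
# Read-only diagnostic for AADSTS50105. Both values below are assumptions:
# replace them with the application name and blocked user in your tenant.
$AppName = 'Atlassian Cloud'
$Upn     = 'user@example.com'   # constructed sample UPN

Connect-MgGraph -Scopes 'Application.Read.All','User.Read.All','GroupMember.Read.All' | Out-Null

$sp = @(Get-MgServicePrincipal -Filter "displayName eq '$AppName'")
if ($sp.Count -ne 1) { throw "Expected exactly one application named '$AppName', found $($sp.Count)." }
$sp = $sp[0]

$user = Get-MgUser -UserId $Upn

# Every user and group currently assigned to the application.
$assigned = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All

# memberOf lists direct memberships only. That matches the error text
# ("not a direct member of a group with access"): nested groups do not count.
$directGroupIds = (Get-MgUserMemberOf -UserId $user.Id -All).Id

$direct    = $assigned | Where-Object { $_.PrincipalType -eq 'User'  -and $_.PrincipalId -eq $user.Id }
$viaGroups = $assigned | Where-Object { $_.PrincipalType -eq 'Group' -and $_.PrincipalId -in $directGroupIds }

[pscustomobject]@{
    Application        = $sp.DisplayName
    AssignmentRequired = $sp.AppRoleAssignmentRequired   # the "block unless assigned" condition in the error
    User               = $user.UserPrincipalName
    DirectlyAssigned   = [bool]$direct
    AssignedViaGroups  = ($viaGroups.PrincipalDisplayName -join ', ')
    ExpectAADSTS50105  = $sp.AppRoleAssignmentRequired -and -not ($direct -or $viaGroups)
}
```

If ExpectAADSTS50105 is True, the account has neither a direct assignment nor a direct membership in an assigned group, which is the condition Option 2 corrects.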
Source: Atlassian Support