How to Fix AADSTS50105: The signed in user is not assigned to a role for the application

Error message

AADSTS50105: The signed in user '<user>' is not assigned to a role for the application.

If you're seeing "AADSTS50105: The signed in user is not assigned to a role for the application", you're not alone. Here's what it means, why it happens, and the steps to resolve it.

Ad placeholder · slot error-mid

What this error means

The Enterprise Application requires user assignment, and the signing-in user has not been assigned to it (or to any of its app roles).

Why this happens

The app's 'Assignment required?' is set to Yes, and the user is neither directly assigned nor a member of an assigned group.

Step-by-step fix

Open Entra → Enterprise applications → <app> → Properties.
Either set 'Assignment required?' to No (if appropriate), or add the user/group under Users and groups.
If the app exposes app roles, assign the user to the correct role rather than leaving it as Default Access.

Affected products

Entra ID

Still broken? Try these

If the user inherits assignment via a group, confirm group membership has finished propagating.
Check whether Conditional Access is also blocking — sometimes the displayed error masks a CA decision.
Test sign-in with a different known-assigned user to confirm the app itself works.

Ad placeholder · slot error-bottom

Related errors

Frequently asked questions

What does "AADSTS50105: The signed in user is not assigned to a role for the application" mean?

The Enterprise Application requires user assignment, and the signing-in user has not been assigned to it (or to any of its app roles).

What causes "AADSTS50105: The signed in user is not assigned to a role for the application"?

The app's 'Assignment required?' is set to Yes, and the user is neither directly assigned nor a member of an assigned group.

How do I fix "AADSTS50105: The signed in user is not assigned to a role for the application"?

1. Open Entra → Enterprise applications → <app> → Properties. 2. Either set 'Assignment required?' to No (if appropriate), or add the user/group under Users and groups. 3. If the app exposes app roles, assign the user to the correct role rather than leaving it as Default Access. Always test changes in a non-production environment first.

Browse more errors in Entra ID: Fix Microsoft Entra ID (Azure AD) errors. AADSTS error codes, admin consent, app role assignment, Conditional Access, and user lookup problems. Or paste your own error into the error decoder tool to find a match. You can also go back to the homepage to browse common errors by topic.