Share via

EntraID & Google Workspace Integration

Udi Ben Hamo 0 Reputation points
2025-02-06T10:26:18.98+00:00

Hi,

I Would like to configure the following setup:

When I login to my application, it will show EntraID login page.

The authentication will be using google workspace account.

So I expect EntraID to fetch or use the users db configured in our google workspace account.

I configured an Enterprise Application which uses G-suite / Google Connector.

Test works properly.

However when I try to login to my application with my user, I receive the following:

AADSTS50105: Your administrator has configured the application Google Cloud ('839b71ae-0c22-485e-935e-ee093171a97c') to block users unless they are specifically granted ('assigned') access to the application. The signed in user '******@upstream.auto' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application.

Any suggestions? Is this a valid option?

I can provide relevant configurations if needed.

Thank you in advance.

Udi

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,137 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sanoop M 600 Reputation points Microsoft Vendor
    2025-02-06T20:28:45.01+00:00

    Hello @Udi Ben Hamo,

    Thank you for posting your query on Microsoft Q&A.

    Please note that based on the error message what you are getting when you are trying to access the application, AADSTS50105: Your administrator has configured the application Google Cloud ('839b71ae-0c22-485e-935e-ee093171a97c') to block users unless they are specifically granted ('assigned') access to the application. The signed in user '******@upstream.auto' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application.

    I would like to share the following details about this Error code: AADSTS50105 below.

    Symptoms

    You receive the following error message when you try to sign in to an application that has been set up to use Microsoft Entra ID for identity management using SAML-based Single Sign-On (SSO):

    Error AADSTS50105 - The signed in user is not assigned to a role for the application.

    Cause

    The user hasn't been granted access to the application in Microsoft Entra ID. The user must belong to a group that is assigned to the application, or be assigned directly.

    Note:

    Nested groups are not supported, and the group must be directly assigned to the application.

    Resolution

    To assign one or more users to an application directly, please refer to the steps mentioned in the document below.

    Quickstart: Assign users to an app.

    For more details about this error code AADSTS50105, please refer to the below document for your reference.

    https://learn.microsoft.com/en-us/troubleshoot/entra/entra-id/app-integration/error-code-AADSTS50105-user-not-assigned-role#symptoms

    I hope this above information provided is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks and Regards,

    Sanoop Mohan

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.