Unable to set up SAML

Hi all

We are in the process of setting up SAML using Azure AD. I have set up the Azure side of things, imported the cert and set the login and logout addresses in New Relic, however when I come to test I’m being left on the Microsoft screen and getting the below error:

AADSTS50105: The signed in user ‘user@domain.tld’ is not assigned to a role for the application ‘########-####-####-####-############’.

I have deleted and recreated from scratch and am unable to see where the issue lies. The account has access in both Azure and New Relic.

Thanks in advance
Miles

Hi @Miles.Hayler, if the error message you are getting is passing you back to a Microsoft page, you will need to check in with Microsoft Azure for troubleshooting this issue. I checked our logs, and we haven’t seen any SAML errors for your account.

I wish I had more to offer, but SSO issues tend to be either on the IdP side of the fence, or on our (Service Provider) side. One side doesn’t really have insight into how the other works, although we will always offer our best guess.

Thanks for that. I ended up following up with Microsoft and the issue was related to having 2 New Relic “apps”. Seemingly Azure’s SAML sets up its URLs based on the login address rather than per application, so my request was being sent somewhere completely different to where I thought. I deleted both Azure apps and it worked first time.

Thanks again

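Added example, not code from the thread or from New Relic or Microsoft: a small Python check that decodes an HTTP-Redirect SAML AuthnRequest and looks up which registered apps it would match by SP entity ID and reply URL, which is the shape of the collision described above. The app registry, placeholder app IDs and the request are constructed sample data, and the matching rule is an assumption used to illustrate why two apps sharing the same URLs are ambiguous, not Azure's actual resolution logic.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed IdP-side registry: two apps registered with the same SP entity ID
# and reply URL (as in the thread) plus an unrelated app. IDs are placeholders.
APPS = [
    {"app_id": "PLACEHOLDER-APP-1", "entity_id": "https://sp.example.test/saml",
     "reply_url": "https://sp.example.test/saml/acs"},
    {"app_id": "PLACEHOLDER-APP-2", "entity_id": "https://sp.example.test/saml",
     "reply_url": "https://sp.example.test/saml/acs"},
    {"app_id": "PLACEHOLDER-APP-3", "entity_id": "https://other.example.test",
     "reply_url": "https://other.example.test/acs"},
]
# Constructed AuthnRequest as the SP would send it (before encoding).
SAMPLE_AUTHN_REQUEST = b"""<samlp:AuthnRequest
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
  AssertionConsumerServiceURL="https://sp.example.test/saml/acs">
  <saml:Issuer>https://sp.example.test/saml</saml:Issuer>
</samlp:AuthnRequest>"""


def encode_redirect(xml_bytes: bytes) -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(level=9, wbits=-15)
    return base64.b64encode(comp.compress(xml_bytes) + comp.flush()).decode()


def decode_redirect(saml_request_param: str) -> bytes:
    """Inverse of encode_redirect; wbits=-15 selects raw DEFLATE."""
    return zlib.decompress(base64.b64decode(saml_request_param), -15)


def parse_issuer_and_acs(xml_bytes: bytes) -> tuple[str, str]:
    """Pull the SP entity ID (Issuer) and reply URL (ACS) out of the request."""
    root = ET.fromstring(xml_bytes)
    issuer = root.find(f"{{{SAML_NS}}}Issuer")
    issuer_text = issuer.text.strip() if issuer is not None and issuer.text else ""
    return issuer_text, root.get("AssertionConsumerServiceURL", "")


def resolve_app(saml_request_param: str, apps=APPS) -> dict:
    """Assumed rule: match by entity ID and, when present, reply URL.
    More than one hit means the IdP cannot tell which app's assignments apply."""
    issuer, acs = parse_issuer_and_acs(decode_redirect(saml_request_param))
    hits = [a["app_id"] for a in apps
            if a["entity_id"] == issuer and (not acs or a["reply_url"] == acs)]
    status = "ok" if len(hits) == 1 else ("ambiguous" if hits else "unknown")
    return {"issuer": issuer, "acs": acs, "matches": hits, "status": status}
```

With the duplicate app removed from the registry the same request resolves to exactly one app, which mirrors the fix in the thread.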