Access Blocked to Mary Technology — How to Fix [Error AADSTS50105]

When a user tries to log in to Mary Technology via Microsoft 365, they may see this message:

AADSTS50105: Your administrator has configured the application to block users unless they are specifically granted (‘assigned’) access to the application.

This means that in your Microsoft Entra ID (formerly Azure AD), the “Mary Technology” enterprise application is set to require explicit assignment for users. If the signing-in user is not assigned (directly or via a group), access is blocked.

Who can fix it

An administrator with any of these roles is able to make the changes:

• Global Administrator

• Cloud Application Administrator

• Application Administrator

How to choose the correct fix

Select the option that best matches how your organisation wishes to manage access:

Step-by-step instructions

Option A – Allow broad access (disable assignment requirement)

1. Sign in to the Microsoft Entra admin centre: https://entra.microsoft.com

2. Navigate to Enterprise applications → All applications.

3. Search for and open Mary Technology.

4. In the left menu, select Properties.

5. Find the setting User assignment required? and change it to No.

6. Click Save.

7. Ask the user to sign in again, and if needed, using a private/incognito browser window (to avoid cached session issues).

Use this option when you want everyone in your organisation to be able to access the app, without individual assignment.

Option B – Controlled access (assign specific users or groups)

1. Sign in to the Entra admin centre.

2. Go to Enterprise applications → All applications → Mary Technology.

3. In the left menu, click Users and groups.

4. Click Add user/group.

5. Choose either:

   • Specific users, or

   • A security group (recommended for easier ongoing management)

6. Under “Select role”, choose Default Access (or User, if that option is available).

7. Click Assign.

When you use this option, only the users/groups you assign will be able to sign in to Mary Technology.

Option C – Grant admin consent (if user-consent is blocked or permissions require approval)

1. Sign in to the Entra admin centre.

2. Navigate to Enterprise applications → All applications → Mary Technology (or enter the App ID).

3. In the left menu, select Permissions (or “Permissions & consent”).

4. Click Grant admin consent for <Your Organisation>.

5. Confirm the action.

Use this option when the assignments are correct, but access is still blocked—often because your tenant restricts users from granting consent to apps themselves.

After you apply any fix: Testing & verification

• Ask the user to attempt to sign in again at https://app.marytechnology.com/login → “Sign in with Microsoft”.

• Ensure they use a private/incognito browser window to avoid cached session issues.

• If sign-in still fails, check in Microsoft Entra ID → Sign-in logs — this can provide more detailed error information.

• Also verify that no Conditional Access or MFA policies are inadvertently blocking the Mary Technology app.

Best practices

• Assign access using security groups, not individual users. This makes future management far simpler.

• Periodically review which users/groups have access and remove those who no longer need it.

• Monitor sign-in logs regularly to catch blocked attempts early.

• Always consider whether Conditional Access or MFA policies could be interfering, even when app assignments are configured correctly.

Summary

Error AADSTS50105 means: A user isn’t assigned, but the application requires assignment.
You have three effective paths to resolve this:

• Option A: Disable the assignment requirement (for broad access)

• Option B: Assign users/groups (for controlled access)

• Option C: Grant admin consent (if user-consent or permission restrictions apply)

Using groups for assignment is generally the most scalable and maintainable approach.