AADSTS50105 error message is unreadable for end users — UX improvement suggestion
1. What’s wrong with the current error message
a. It’s written for administrators, not users
The message exposes:
- Internal system names (AADSTS50105)
- GUIDs (aaaabbbb-cccc-dddd-eeee-ffff01234567)
- Identity provider jargon (“direct member of a group with access”)
None of this helps the person who sees the error decide what to do next.
b. The actual problem is buried in a wall of text
The real issue is simply:
You don’t have permission to access this app.
Instead, the message forces users to:
- Read a long paragraph
- Decode domain-specific language
- Guess which part matters
Cognitively, this is high effort for low payoff.
c. “Contact your administrator” is vague and unhelpful
Users ask:
- Which administrator?
- IT? Security? App owner? Their manager?
- What should they say?
Without context, users either:
- Ignore the error
- Forward screenshots randomly
- Open the wrong support ticket
d. Error codes without guidance increase support load
AADSTS50105 may be meaningful internally, but:
- Users don’t know whether to Google it
- Support teams receive unclear tickets (“it doesn’t work”)
This paradoxically raises support cost instead of lowering it.
2. What a better error message should do
A good error message answers four questions in order:
- What happened?
- Why did it happen (in plain language)?
- What can the user do next?
- Who specifically can help?
And it does so in under 30 seconds of reading time.
3. Example of a much better error message
You don’t have access to [APPLICATION]
Your account (email address removed for privacy reasons) isn’t currently authorized to use [APPLICATION].
This usually means:
- You haven’t been added to the required security group, or
- Access hasn’t been requested or approved yet.
What to do next
- If you believe you should have access, contact IT Service Desk or your [APPLICATION] owner and request access.
Helpful details to include in your request
- Application name: [APPLICATION]
- Your email: email address removed for privacy reasons
- Error reference: Access not assigned
(Error ID: AADSTS50105 — for IT use)
4. Optional but high-impact improvement: Add a “Request Access” button or link
One-click takes users to:
- ServiceNow / Jira / internal form
- Auto-populates app name and user email
- Administrators configure support link when configuring the application