0

When "User Assignment Required" is turned on for the application in Azure AD and the user is not directly assigned or in the group that is assigned, the logon process gets stuck at an Azure AD error message and won't return to the Angular code.

Is there any setting in MSAL that will allow for handling this error and displaying a "not logged on" type of screen that can provide instructions for how to get access?

1 Answer

0

This is a known issue.

This AADSTS50105 error means the user is not assigned to a role for the application when trying to sign into a SAML-based single sign-on configured app that has been integrated with Azure Active Directory.

When the silent sign-in is sent to the login.microsoftonline.com endpoints, the AAD cookies are not being detected, and the cookies determine whether the user is logged in or not.

Possible resolution: Some third parties disable the cookies, which can cause the user to face this issue. You need to whitelist the login.microsoftonline.com endpoints in the browser extension.

Possible resolution: You can catch the error in the callback and ask the user to log in again, and if the error occurs you will ask the user to log in again.

Rutha
  • 751
  • 3
  • 7
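As an added example (not code from the question, the answer, or MSAL itself), the sketch below shows one way the "catch the error in the callback" step could pick a screen. It assumes the error reaches the app as OAuth `error` / `error_description` parameters in the redirect URI fragment; the function names, view names and sample fragment are hypothetical and constructed. The message shown to the user is fixed text and is never copied from the URL.

```javascript
// Added example: classify an Azure AD error delivered on the redirect URI.
// All names are hypothetical; SAMPLE_HASH is constructed for illustration.
const AADSTS_RE = /\bAADSTS(\d{5,7})\b/;

// Views the app can render. Text is fixed here, never taken from the URL,
// so attacker-controlled error_description content is not reflected.
const VIEWS = {
  notAssigned: {
    view: 'not-assigned',
    retryLogin: false, // signing in again cannot fix a missing assignment
    message: 'Your account is not assigned to this application. Ask an administrator for access.',
  },
  loginRequired: { view: 'login-required', retryLogin: true, message: 'Please sign in again.' },
  genericError: { view: 'error', retryLogin: false, message: 'Sign-in failed.' },
};

// Pull the OAuth error and the numeric AADSTS code out of a URL fragment.
function parseAuthError(hash) {
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  const error = params.get('error');
  if (!error) return null; // not an error response
  const description = params.get('error_description') || '';
  const match = AADSTS_RE.exec(description);
  return { error, aadsts: match ? Number(match[1]) : null };
}

// Decide which screen to show for a given fragment.
function chooseView(hash) {
  const parsed = parseAuthError(hash);
  if (!parsed) return null;
  let choice = VIEWS.genericError;
  if (parsed.aadsts === 50105) {
    choice = VIEWS.notAssigned;
  } else if (parsed.error === 'login_required' || parsed.error === 'interaction_required') {
    choice = VIEWS.loginRequired;
  }
  return { ...choice, code: parsed.aadsts };
}

// Constructed sample fragment carrying the AADSTS50105 error from the answer.
const SAMPLE_HASH = '#error=interaction_required&error_description=' +
  'AADSTS50105%3A+The+signed+in+user+is+not+assigned+to+a+role+for+the+application.&state=abc';
```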