Error in WebUI "User user@domain.com is not authorized on this app"

ON-PREMISES

CLOUD (see at bottom)

Symptoms

When SSO is implemented, a user tries to authenticate by using his credentials from their Office 365 tenant. The authentication succeeds, but in the WebUI an error message appears with exclamation icon that user is not authorized on this app. And the only possibility is to logout.

Moreover, logging out will not help because since SSO is activated, users from this Office 365 tenant will not be able to access the Web UI unless this issue is solved.

Problem

• This issue can happen in both Cloud or On-premises version of Boston.

• This issue happens because Tenand-ID is not properly set in the database for this Boston installation.

• Tenant-ID is set during first logon and the process will take the Tenant-ID of the user logging on.

• This issue occurs with a screenshot similar to the one below:

Solution

• Ensure you have the correct Tenant-ID from the customer. You can directly ask to your customer to ensure you have the correct information.

• Alternatively, you can ask your customer to refer to article How to check Microsoft Azure AD tenant GUID (gsx.com) to fetch the Tenant ID, or check it by yourself.

• With SQL Management Studio, check the “tenantId” value in the JSON found in the table “WebUi_Configuration“ from the Gizmo DB used by this customer. It should be different compared to the Tenant ID you got from your customer.

• 

  Note the old “tenantId” value (just in case you need to revert).

• Replace the old “tenantId” value only with the correct one. Do not change anything else!

INTERNAL ONLY - For this last step (replace “tenantId”) you can refer to the article Single sign-on - Additional Tenant configuration - SW Development Documentation - Confluence (atlassian.net) but ONLY focus on the “tenantId”.

CLOUD