How to resolve error "the signed in user is blocked because they are not a direct member of a group with access" for specific SSO applications?

Overview

When accessing Team Dynamix, Banner, MyUI, and other applications, you may see this error message:

Example Application Name

Sorry, but we're having trouble signing you in.

AADSTS50105: Your administrator has configured the application Example Application Name ('00000000-0000-0000-0000-000000000000') to block users unless they are specifically granted ('assigned') access to the application. The signed in user 'jvandal@uidaho.edu' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application.

[Screenshot: a similar error message]


Resolution

User accounts are marked either as personal (Individual) accounts or as non-personal accounts. Personal accounts may be used to sign in to services like Banner, while all non-personal accounts are blocked, because many non-personal accounts have shared passwords.

If your personal account is getting this error message, contact IT Local Support and ask to have your account marked correctly as a personal account.


IT Support

Warning: Cashier Office secondary accounts have a special configuration. They must have ExtensionAttribute13 set to override their personal UDCID; do not set the secondary account as personal.

For support agents, this attribute is changed in Toolbox while editing the "Active Directory" account. Uncheck the "Functional / Shared" attribute so the account is set as personal. This change will take up to 4 hours to propagate to all services.
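For support agents who want to confirm what the error in the Overview actually means on the Entra ID side (and to verify, after the propagation window, that the user now sits in a group assigned to the application), the following script is an added example; it is not part of this article and not a Toolbox feature. It uses the Microsoft Graph PowerShell SDK and assumes the Microsoft.Graph module is installed, that the caller has consented to Application.Read.All and Directory.Read.All, and that $AppId (the application ID shown in the error text) and $UserPrincipalName are placeholders you replace.

```powershell
<#
Added example (not from the original KB article): explains AADSTS50105 for one
user and one application. The error occurs when the app's service principal has
"assignment required" enabled and the user is neither assigned directly nor a
member of a group that is assigned. Assumed prerequisites: Microsoft.Graph
module, Application.Read.All and Directory.Read.All permissions.
#>
param(
    [Parameter(Mandatory)] [string] $AppId,             # application ID quoted in the AADSTS50105 text (placeholder)
    [Parameter(Mandatory)] [string] $UserPrincipalName  # e.g. jdoe@example.edu (placeholder)
)

Import-Module Microsoft.Graph.Applications
Import-Module Microsoft.Graph.Users
Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All' -NoWelcome

# 1. Locate the service principal and check whether assignment is required at all.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal found for appId $AppId" }
Write-Host "App: $($sp.DisplayName)  AppRoleAssignmentRequired = $($sp.AppRoleAssignmentRequired)"
if (-not $sp.AppRoleAssignmentRequired) {
    Write-Host 'Assignment is not required for this app, so AADSTS50105 should not occur.'
    return
}

# 2. Collect every principal (user or group) currently assigned to the app.
$assignments = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All
$assignedIds = @{}
foreach ($a in $assignments) { $assignedIds[$a.PrincipalId] = $a }

# 3. Resolve the user and all groups they belong to, including nested membership.
$user     = Get-MgUser -UserId $UserPrincipalName
$groupIds = Get-MgUserTransitiveMemberOf -UserId $user.Id -All | Select-Object -ExpandProperty Id

# 4. Report whether access comes directly, via a group, or not at all.
if ($assignedIds.ContainsKey($user.Id)) {
    Write-Host "$UserPrincipalName is assigned to the app directly."
    return
}
$viaGroups = $groupIds | Where-Object { $assignedIds.ContainsKey($_) }
if ($viaGroups) {
    foreach ($g in $viaGroups) {
        Write-Host "$UserPrincipalName is assigned via group '$($assignedIds[$g].PrincipalDisplayName)' ($g)."
    }
} else {
    Write-Host "$UserPrincipalName is NOT assigned directly or through any group: this is the AADSTS50105 condition."
    Write-Host 'Groups that are assigned to this app:'
    $assignments | Where-Object PrincipalType -eq 'Group' |
        ForEach-Object { Write-Host "  $($_.PrincipalDisplayName) ($($_.PrincipalId))" }
}
```

Run it once when the ticket comes in to confirm the user is missing from every assigned group, and again after the Toolbox change has had time to propagate (the article states up to 4 hours) to confirm the account now appears in one of the listed groups. The script only reads directory data; it does not change assignments or account attributes, which stay with the Toolbox procedure above.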
