How to resolve error "the signed in user is blocked because they are not a direct member of a group with access" for VandalWeb?


When accessing VandalWeb through you may see this error message:


Sorry, but we're having trouble signing you in.

AADSTS50105: Your administrator has configured the application VandalWeb ('ee516b89-242f-4a13-8dd6-2cd3ba29a603') to block users unless they are specifically granted ('assigned') access to the application. The signed in user '' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application.

Image of error message:

Uploaded Image (Thumbnail)



User accounts can be marked as personal (Individual) accounts or non-personal. Personal accounts may be used to sign-in to services like VandalWeb while all non-personal accounts are blocked. This is because many non-personal accounts have shared passwords.

If your personal account is getting this error message you will need to contact IT Local Support and ask to have your account marked correctly as a personal account.


IT Support

Warning: there is a special configuration for Cashier Office secondary accounts. They must have the ExtensionAttribute13 set to override their personal UDCID. Do not set the secondary account as personal.

For support agents, this attribute is changed in Toolbox while editing the "Active Directory" account. Uncheck the "Functional / Shared" attribute so the account is set as personal. This change will take up to 4 hours to propagate to all services.

Uploaded Image (Thumbnail)


Print Article


Article ID: 2159
Wed 5/25/22 12:11 PM
Tue 5/14/24 1:30 PM