We integrate with Azure AD as the only available login option in our solution. When a first-time user is redirected to the Appfram solution, we have implemented SSO with user creation in Appfram. This process generally works fine. However, two users have experienced landing on an “Access Denied” page in Appfram the first time they try to log in. This issue resolves itself when they try again, and they do not encounter the same problem on subsequent logins once the user is created.
It appears that there might be a delay in the system within Appfram and/or Azure AD when a first-time user logs in and the Appfram user is created. Is there a way to resolve this so that users don’t receive the “Access Denied” error on their first login attempt?
Old topic, but it’s all I could find and we just had the same issue.
An Entra ID-authenticated user logged in for the first time and was told they didn’t have access (“Adgang nektet”).
I’ve previously observed a user account with a value in the “Last Login” field, but no roles. Could the role assignment on first login/acct. creation be delayed in some cases?
Unable to reproduce it by deleting and my own account and then re-creating it by logging in with SSO unfortunately.
Hi! Any updates on this? We’ve seen the issue both with regular user creation and with users created via SSO. While it’s frustrating in internal solutions, it has a significant impact on the first-time user experience in a SaaS context.
In one of our customer solutions, we set up a custom log to estimate how many users end up on the “Access denied” screen by tracking users who get an account created but don’t enter the solution immediately. The estimate was roughly 30% of all users (measured in June 2025).
I’m now working on a new solution where end users will have accounts created on first SSO login, and I’m wondering if this issue is still unresolved.
