In some instances, when a user accepts an invitation to join an ArcGIS Online organization configured with Microsoft Azure Active Directory (AD), the login fails, returning the following error message:
Error: The signed in user '<username>' is not assigned to a role for the application '<applicationnumber>' (ArcGIS Online).
The user is not assigned to a role when configuring the Security Assertion Markup Language (SAML) login for ArcGIS Online in the Azure Active Directory.
To resolve the error, the ArcGIS Online organization administrator must add the user to the organization's Azure Active Directory group for the user to access ArcGIS Online. Follow Microsoft: Create an Azure AD test user for steps to create the user in the Azure portal, and follow Microsoft: Assign the Azure AD test user for steps to enable the user to use Azure single sign-on to access ArcGIS Online.
Refer to Microsoft: Tutorial: Azure Active Directory integration with ArcGIS Online for more information on configuring Azure Active Directory with ArcGIS Online.
Note: ArcGIS Online single sign-on (SSO) enabled subscription must be available.