Description

What is the nature and description of the request? Currently, when a user is denied access to Ansible Automation Platform (AAP) via SSO/IDP mapping (Ref: KCS 7129439), the system creates a user object for audit purposes and bring up a UI where the user has no role or privilege to do anything in the platform, which confuse some people.

This request asks for this specific improvements: 

• Explicit Error Messaging: When a user is authenticated via SSO but denied access to AAP due to mapping rules, the UI should explicitly display a message: "You are not authorized to log in to AAP. Please contact your administrator."

Why does the customer need this?

• Reduced Support Burden for Automation Engineers: Users currently face a strange experience, they appear as logged in but unable to perform any task. This creates unnecessary internal tickets for our customers and load on their Automation team.

How would you like to achieve this?

• Modify the login handshake to catch the "Mapping Deny" logic and trigger a specific UI notification.

• Add a "Denied" or "Unauthorized" status attribute to the User that is toggled when the SSO mapping evaluation returns False.

List any affected known dependencies:

• AAP UI (Gateway)