Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira Automation Azure Runbooks connection asks for permissions every time and never logs in

Toby Hessellund
Toby Hessellund April 3, 2024

I'm trying to start a Runbook in Azure within Jira Automation and every single time it asks to login to azure and when I do I get the following pop-up. Even though I have approved it many times, it still pops up like it never took hold. 

7RLTpS8IT0.png

Each time, I'll get the following. 

msedge_Cqmom5vYAy.png

the Service Account I'm using has admin access to the project where the automation is running and is a Automation Job Operator on the Azure side. 

Let me know what I seem to be missing here or what other information I can share.

Answer
Watch
Like Be the first to like this
913 views

3 answers

0 votes
Silvano Bemer
Silvano Bemer November 26, 2024

We believe it has to do with the enforcement of "prompt=consent" in the URL. 

See: https://medium.com/@namsoochoi/solved-need-admin-approval-or-approval-required-aadsts90094-error-during-microsoft-sign-in-b3fde2ec4523

Reply
0 votes
Toby Hessellund
Toby Hessellund April 17, 2024

Does anyone know what the minimum role is needed in Azure for this connection to work?

Reply
0 votes
Toby Hessellund
Toby Hessellund April 10, 2024

I've discovered this seems to be related to the level of permissions on the Azure side. The service account has job operator permissions and I tested it with an admin account and it connected successfully. I'll have to see what the minimum is needed to connect.

View More Comments
Daniel
Daniel
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 22, 2025

I'm struggling with this issue as well. Only seem to work when signing in and consenting with Global Admin account.

@Toby Hessellund did you find out what minimum permissions to issue the service account to get it working?

Like
Toby Hessellund
Toby Hessellund June 2, 2025

@Daniel I never did get an answer for this. I ended up just creating a runbook URL and passed the information to that.

Like Daniel likes this
Silvano Bemer
Silvano Bemer June 3, 2025

@Toby Hessellund @Daniel 

Please see the following documentation: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent?pivots=portal#configure-user-consent-in-microsoft-entra-admin-center

I got in touch with support and managed to solve it by setting the setting to "Allow user consent for apps from verified publishers, for selected permissions."

Also, just so you are aware, we had to put the “Assignment required?” option to “No”. Even when the user I am trying to use is assigned to the application it would forward me to the request approval screen. If I put this to “No” I can accept the permissions as a non-admin user and connect successfully.

After you successfully granted permissions and completed the flow with the desired account you can actually revert all the changes you made. It will keep working. 

Good luck!

Like Daniel likes this
Daniel
Daniel
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 3, 2025

Thanks for the reply @Silvano Bemer

I'd prefer not to allow consent for users at all to avoid application sprawl by opening the flood gates. But might consider it temporarily if its the solution.

By doing this where you able to get it work with Azure RBAC assignments only? I'm trying to keep it to as low privileges as possible. 

Like
Silvano Bemer
Silvano Bemer June 3, 2025

Hi @Daniel

We had the same discussions, but decided to allow the consent temporarily (for a few minutes). After the user completes the workflow we reverted back the setting. This was the only thing that worked for us, sadly. Luckily you can do it pretty quickly, it only took us a few minutes total. 

 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security