Jira Cloud mobile app login failure on iOS with Entra ID SAML SSO — Microsoft Enterprise SSO plugin

We are unable to log in to the Jira Cloud mobile app on iOS devices where Entra ID is configured as the SAML SSO identity provider. Authentication completes successfully on both the Entra and Atlassian side — Entra sign-in logs show a successful token issuance and our Atlassian audit log records a successful user_login event — but the Jira app itself never picks up the session and shows a login failure.

Environment

• Jira Cloud (esosolutions.atlassian.net)
• Identity provider: Microsoft Entra ID via SAML SSO (enforced for all users)
• Affected iOS versions: 26.5 (tested on two independent devices)
• Jira app: latest version from App Store
• Device management: one device Intune MAM-enrolled, one completely unmanaged — both fail identically
• Android: works correctly with the same account and policy

What we see in logs

• Entra sign-in logs show Jira Cloud by Atlassian entries with error 65001 (consent) → 90092 → eventual Success at the broker level
• Atlassian audit log shows user_login success but timing suggests this is the browser session, not the app session
• Atlassian "Recent devices" shows the iOS session attributed to Edge browser rather than the Jira app — confirming the session token is not being handed back to the native app after the browser-based SAML flow completes
• Android session correctly attributed to Jira app in the same devices view

What we have tried

• Multiple Jira app reinstalls
• Reinstalling Microsoft Authenticator
• Setting Edge as default browser on iOS
• Verified CA policy is not involved — CA shows "Not Applied" on all Jira app sign-in entries
• Verified Atlassian mobile security policy is correctly applied

Question

We found Atlassian's support article referencing the Microsoft Enterprise SSO plugin for Apple devices as a fix for Entra ID compliance check failures in the Jira iOS app. However our issue appears slightly different — CA compliance is not blocking us, the SAML redirect callback from the browser back to the native Jira app is failing silently.

Has anyone resolved Jira Cloud iOS login failures with Entra ID SAML SSO specifically on iOS 26? Is the Microsoft Enterprise SSO plugin the correct fix for the redirect callback issue, or is there something else at play? Any experience with this on recent iOS versions would be appreciated.