Atlassian Access & Azure AD SSO / Provisioning

Christopher Schmitt
January 12, 2024

Hello everyone,

I am currently working on the connection of Azure AD and have a problem with SSO.

We have configured SAML/SSO and user provisioning. User provisioning works, but unfortunately SSO does not.

Info about our Azure AD:
user principal name = ShortName@internal-domain.de
e-mail address = Surname.Lastname@external-domain.de

I log in to Atlassian with my e-mail address.
Then I am forwarded to Microsoft. I can log in there with my Azure AD access data (e-mail address or user principal name + password) and when I am redirected to Atlassian, I get an error.

Fehlermeldung.png

 

Mapping is as follows:

mapping-saml-sso.png

We have configured this according to the following instructions:
https://learn.microsoft.com/en-us/entra/identity/saas-apps/atlassian-cloud-tutorial

 

Would be great if someone has a tip.

 

Thanks a lot!

Greetings
Christopher

3 answers

1 accepted

0 votes
Answer accepted
Ed Letifov _TechTime - New Zealand_
April 14, 2024

Hello, @Christopher Schmitt and @David Kerry 

1) Assuming the user ACTUALLY has the email address in the mail attribute (this is NOT a given for people without an Office365 subscription, or those pushed from on-premises AD), this error usually indicates a mismatch in certificates – so re-download the cert from AzureAD, open it up in a text editor and copy-paste again.

2) The difference in UPN and email, and what you use to log in to Azure AD, is irrelevant – Atlassian Cloud keys EVERYTHING on the email address.

3) You may want to check some answers I've provided earlier on how to configure SSO and User Provisioning correctly:

In the case of Azure AD/Entra ID, the documentation published (by Atlassian?) to the Microsoft documentation site completely omits a very important detail about setting "Matching Precedence" correctly and could, and indeed has been, misunderstood by the admins. And to complicate this, the default value of that being set to the "User Principal Name" is wrong too in a general enterprise use case, since UPNs can change – it should instead be the Object ID.
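
The certificate check from point 1 of the accepted answer, as an added example that is not part of the original thread and not Atlassian or Microsoft tooling: it compares the SHA-256 fingerprint of the certificate text pasted into the SAML configuration against the signing certificates listed in the IdP's federation metadata XML. The sample metadata and certificate bytes are constructed placeholders, and all function names are hypothetical.

```python
import base64, binascii, hashlib, re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace used in SAML metadata

def der_from_text(text):
    """Decode a PEM block or bare base64 to DER, ignoring armor lines and whitespace."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", text)
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64 (truncated or altered paste?): {exc}") from exc

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def metadata_fingerprints(metadata_xml):
    """SHA-256 fingerprints of every signing certificate listed in the IdP metadata."""
    root = ET.fromstring(metadata_xml)
    return {fingerprint(der_from_text(el.text or ""))
            for el in root.iter(DS + "X509Certificate")}

def pasted_cert_matches(pasted_text, metadata_xml):
    """True if the pasted certificate is one the IdP currently signs with."""
    return fingerprint(der_from_text(pasted_text)) in metadata_fingerprints(metadata_xml)

# Constructed sample data: placeholder bytes, not real certificates.
CURRENT_B64 = base64.b64encode(b"constructed-current-idp-cert" * 6).decode()
STALE_B64 = base64.b64encode(b"constructed-stale-idp-cert" * 6).decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{CURRENT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def as_pem(b64):
    """Wrap base64 at 64 columns with CRLF endings, as a downloaded file might look."""
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\r\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"])

if __name__ == "__main__":
    for label, text in [("current", as_pem(CURRENT_B64)), ("stale", as_pem(STALE_B64))]:
        print(label, "matches IdP metadata:", pasted_cert_matches(text, SAMPLE_METADATA))
```

A paste that fails to decode, or decodes to a fingerprint not present in the metadata, points to the certificate mismatch described above.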

0 votes
Christopher Schmitt
April 14, 2024

Hello,

I have fixed the problem together with Atlassian Support. They were able to tell me exactly where the problem was. There was a problem with the certificate. I added it again and everything worked.

Greetings
Christopher

Ed Letifov _TechTime - New Zealand_
April 15, 2024

@Christopher Schmitt I am glad the problem has been resolved. I would appreciate it if you can accept my answer since I seem to have been spot on?

0 votes
David Kerry
April 11, 2024

We also have the exact same error. Does anyone have any solutions for this? 
