Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,557,130
Community Members
 
Community Events
184
Community Groups

Activate Access for Portal Only Customers Synced with Azure AD

Jonathan McNabb
Jonathan McNabb Sep 28, 2019

We have an organization of 900 users. We are using Jira Service Desk and trying to setup access for approximately 850 of these users as Portal Only Customers. We have setup user provisioning utilizing Azure AD and Atlassian Access and all users have synced with no issues. The entire user base has been added to a specific Service Desk Project as portal users. Our Service Desk Agents have no issues logging in using SSO, but new users that have been synced get the following error when using SSO for the Service Desk Portal.

Screenshot 2019-09-27 13.55.37.png

The user provisioning documentation says that "You can activate a user's Atlassian account from the identity provider", but I cannot figure out how to do that. 

Any suggestions? 

 

 

Answer
Watch
Like Be the first to like this
524 views

1 answer

0 votes
Ramon Macalinao
Ramon M
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Nov 14, 2019 • edited

Hi Jonathan, 

Thanks for using Atlassian Community. 

The error in your screen shot actually indicates that the user does not have permission to use the enterprise app in Azure side. When the the user tries to login into Atlassian, the login flow will fail on Azure side. The failure is on the SAML Single Sign-on setup, not in user provisioning. 

Usually, there is a single Atlassian Cloud enterprise app on Azure side where you configure both Single Sign On and User Provisioning. Users assigned to that single app will both be provisioned into Atlassian and will be able to use the SSO. 

app.png

If the user has been provisioned into the cloud site but is not able to SSO, I suspect you have configured 2 separate enterprise app in Azure side. 

  • Go to https://aad.portal.azure.com/
  • Open Enterprise Applications
  • Find the "Atlassian Cloud" app that is configured with Single Sign On for Atlassian.
  • In the app's Users and Groups, add the user. 
  • Request the user to try and login again into Atlassian. 

I hope this helps. 

Regards,
Ramon

Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

See all events