We have an organization of 900 users. We are using Jira Service Desk and trying to setup access for approximately 850 of these users as Portal Only Customers. We have setup user provisioning utilizing Azure AD and Atlassian Access and all users have synced with no issues. The entire user base has been added to a specific Service Desk Project as portal users. Our Service Desk Agents have no issues logging in using SSO, but new users that have been synced get the following error when using SSO for the Service Desk Portal.
The user provisioning documentation says that "You can activate a user's Atlassian account from the identity provider", but I cannot figure out how to do that.
Thanks for using Atlassian Community.
The error in your screen shot actually indicates that the user does not have permission to use the enterprise app in Azure side. When the the user tries to login into Atlassian, the login flow will fail on Azure side. The failure is on the SAML Single Sign-on setup, not in user provisioning.
Usually, there is a single Atlassian Cloud enterprise app on Azure side where you configure both Single Sign On and User Provisioning. Users assigned to that single app will both be provisioned into Atlassian and will be able to use the SSO.
If the user has been provisioned into the cloud site but is not able to SSO, I suspect you have configured 2 separate enterprise app in Azure side.
I hope this helps.