Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Azure SSO: We were unable to verify the email associated with your Microsoft account

Hello Community!

We are setting up a new Helpdesk and Knowledge Base for our business and we are sold on Jira Service Management and Confluence, so I set up Azure SSO (SAML) with Atlassian Access.

I am able to login as myself with my Azure account, so I created a new Azure user to test with and the account was pulled into Atlassian Access almost immediately. I opened a new private Chrome tab to test the experience when logging in as a customer.

I didn’t get any hits when searching for text that appears on the pages I land on so I will add that information to this post even though the images describe the same text, I apologise if this makes this post lengthy.

After navigating to our Confluence Portal and the Service Management Help Center (which I believe is just a drilled down level within the Confluence Portal). The links are:

Confluence Portal: https://OurOrganization.atlassian.net/servicedesk/customer/portals

Jira Service Management Help Center: https://OurOrganisation.atlassian.net/servicedesk/customer/portal/2

Both of these links loads the correct portal:

FD2F012C-789A-41DB-A44F-BAF9443D5B7E.jpeg

 

After entering the email address, I am correctly redirected with the title Your group uses single sign-on and a button with the title Login in with single sign-on:


7432B838-B588-45D6-B4A1-3107D60F74FB.jpeg

 

I then get the default Atlassian login page. After entering the email address, the page recognises the username (which I was surprised at honestly!) however after entering the password I’m given the error message Incorrect email address and / or password. Do you need help logging in?


63C77773-AF2B-498D-A348-55E67CAE67D7.jpeg


I can understand that technically this username doesn’t have an Atlassian account, though I would like this to happen when we pull that user in via Atlassian Access. I want them to exist so I can select their name when creating a ticket (which seems to be the case currently) but if I can have them login here at this page, that would be wonderful.

If that’s not possible, I can understand that we might be required to click Continue with Microsoft in order to login. However the reason for my post is that after being redirected to Microsoft and logging in, I hit this page:

0491E769-6832-4A4B-8A97-884D40105D3F.jpeg



The message reads We were unable to verify the email associated with your Microsoft account, so let’s do that now.


Now admittedly after clicking the button, I get an email with a code and I can successfully verify the account and login as that employee. I’d like to simplify the login process for our employees as much as possible, hence the desire to login at the first Atlassian login page. So having them receive a code and verifying their account before they can login to respond to tickets or manage them is a little much for our business.

Is there a way to simplify this? I’m possibly importing the wrong fields from Azure or something? When I created the Azure app, I used the automatic method and everything was customised and set up via that tool so I would expect that it’s configured correctly but I don’t know if this is the expected experience for an organisation customer to encounter for Atlassian/Jira products.

Any help would be absolutely amazing, I think that the community here is outstanding and I look forward to not only using these products for our business but hopefully to assist the community in the future after I find my feet with these products!

Thank you everyone!
Eli

1 answer

0 votes
Dave Meyer Atlassian Team Mar 17, 2021

Hi @Elijah Wolf ,

So I think your diagnosis of the problem is correct – we initially do a check on the domain to recognize that you should log in with SSO, but on the next login screen, that user doesn't actually haven an Atlassian account yet so they aren't automatically sent to the SSO provider.

I think the simplest way to solve this would be to set up user provisioning from Azure AD:

1. That will ensure that any new users you create will have an Atlassian account automatically

2. Provisioning from Azure AD bypasses the email verification step

The instructions to set that up are here: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/atlassian-cloud-provisioning-tutorial

Typically the way to do this with JSM is to put all your "customer" users (i.e. non-agents) in a group. You should make sure that group is synced to the site, but is not a "product access group" for JSM, so that they don't get billed as agents. 

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
Community showcase
Published in Atlassian Access

See Atlassian Access in action - Live Demo

Did you know Atlassian Access offers more than SAML single sign-on for Atlassian cloud products, like Jira and Confluence? Whether you're just starting to plan for your organization or in the pr...

108 views 0 3
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you