Seamless sign-in from AzureAD using SAML SSO

Hi,

I just set up Atlassian Cloud SSO using this tutorial on my trial account. It seems to be set up correctly; however, the sign-in isn't seamless.

When signed in to MS365 and starting an IDP initiated flow to log in to Atlassian, I'm still presented with the https://id.atlassian.com/ sign-in page. There I need to fill in my email address and only after that sign-in happens.

Is this expected behaviour? I would have thought my email address would be detected automatically as it is sent in the claim.

-John

2 answers

0 votes

Hi John,

Thanks for confirming that. I think I misread your query at first.

For IDP initiated login, the user will be redirected to id.atlassian.com but should not be presented with the option to fill in the email address again. Rather, on redirection, it should automatically log in the user and redirect the user to the Atlassian site the user has access to.

So, the behavior you notice is not the expected one. Check if your Atlassian site URL is correctly updated as the Relay state URL in the SSO configuration on Azure, and try to log in using an incognito window.

Regards,
Jayant

Thanks Jayant,

I did have the Relay state URL https://[ourname].atlassian.net configured in the Basic SAML Configuration of the AzureAD Ent Application.

But it was also added next to Sign On URL as explained in Step 16 (under configure-azure-ad-sso) to support SP initiated SSO flow.

I just removed the Sign On URL value and my sign-in went straight through!

The SP initiated flow still works as well, so step 16 may not be needed?

@John M_  I believe you need a trailing slash ("/") at the end. This worked for me.

Hi John,

Please confirm whether SAML SSO is enabled at your Atlassian organization under Security --> Authentication policies, and whether your account is added under an SSO enabled authentication policy.

Regards,
Jayant

Thanks Jayant for that info.

SAML SSO is enabled and I forgot to mention that I did create an additional authentication policy in which SSO is enforced and I added my test user as a member of that Auth policy.

Are you saying that I shouldn't get the additional prompt for email address?
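
To check what the IdP actually sends in the flow discussed in this thread (the email in the NameID claim, and the Relay state with or without a trailing slash), the `SAMLResponse` and `RelayState` form fields of the sign-in POST can be captured from the browser's network tab and inspected. This is an added example, not part of the original thread and not Atlassian or Microsoft code; the function names, the sample response and the `ourname` URLs are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an unsigned, trimmed Response with placeholder values.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z" Destination="https://sp.example.test/acs">
  <saml:Issuer>https://idp.example.test/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.test/</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">john@example.test</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def check_relay_state(relay_state, expected_site):
    """Compare the RelayState form field with the site URL configured at the IdP."""
    if not relay_state:
        return "missing"
    if relay_state == expected_site:
        return "exact"
    if relay_state.rstrip("/") == expected_site.rstrip("/"):
        return "trailing-slash-differs"
    return "mismatch"


def inspect_idp_post(saml_response_b64, relay_state, expected_site):
    """Summarise a captured SAMLResponse POST. Diagnostic only: no signature
    check, and meant for responses from your own tenant, not untrusted XML."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    name_id = root.find("a:Assertion/a:Subject/a:NameID", NS)
    nid = (name_id.text or "").strip() if name_id is not None else ""
    return {
        # An unsolicited (IdP-initiated) Response carries no InResponseTo.
        "flow": "SP-initiated" if root.get("InResponseTo") else "IdP-initiated",
        "destination": root.get("Destination"),
        "name_id": nid or None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "name_id_is_email": nid.count("@") == 1 and "." in nid.split("@")[1],
        "relay_state_check": check_relay_state(relay_state, expected_site),
    }


if __name__ == "__main__":
    print(inspect_idp_post(SAMPLE_B64, "https://ourname.atlassian.net",
                           "https://ourname.atlassian.net/"))
```

An encrypted assertion will show `name_id` as `None`, since the NameID is not readable without the service provider's key.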
