Hi Community, I just configured SSO with Azure AD as described here: Tutorial: Azure Active Directory integration with Atlassian Cloud - Microsoft Entra | Microsoft Docs
The SSO does work when the user enters his email and hits next.
But it doesn't work when he selects "Continue with Microsoft" (he has a licensed M365 account). The thing is that the user is being asked this (see screenshot):
So somehow while authenticating it does not recognize that there is a fully configured enterprise Application existing in Azure AD and wants to add another one.
Should users just not use the Microsoft button or is my config wrong?
As per previous interactions with Atlassian support – "Continue with Microsoft" uses some mysterious instance of "Atlassian" OAuth enterprise application in Azure AD, which is indeed distinct from the "Atlassian Cloud" you would configure for SAML.
I can only suggest reaching out to Atlassian support, but don't expect much. I was not able to get any details on how to configure this app, and specifically how to disable it properly.
As per Atlassian's response to me at the time:
We do not have official documentation on this one as this is purely a Microsoft workflow. I suggest reaching out to Microsoft as well to see if they have some information on this one as we don't have any visibility on this. We tested removing this application and yes, this seems to be the case that it will be re-created automatically.
Based on the error you are getting this application currently is not deployed/configured correctly in your Azure AD.
If you do get it configured while having SAML SSO configured as well, the flow for the user would be very similar, so it becomes merely a somewhat handy shortcut.
Without SAML SSO configured there is a distinction. See answer here: https://community.atlassian.com/t5/Atlassian-Access-questions/Azure-AD-integration-difference-between-OAuth-and-SAML/qaq-p/1511680
We (TechTime, a Platinum Atlassian Solution Partner in Aotearoa – New Zealand) usually recommend to our customers to instruct their users "not to use this social login", but since it's impossible to disable, and impossible to get rid of – this is kinda moot.
Atlassian Support did provide this ticket to vote on to make this "social login" flow work the same as the SAML one:
There is also this one to be able to disable this button