SAML SSO with Azure AD does not work when using "Continue with Microsoft"

Hi Community, I just configured SSO with Azure AD as described here: Tutorial: Azure Active Directory integration with Atlassian Cloud - Microsoft Entra | Microsoft Docs

The SSO does work when the user enters his email and hits next.

But it doesn't work when he selects "Continue with Microsoft" (he has a licensed M365 account). The thing is that the user is being asked this (see screenshot):

Atlassian Cloud SSO issue.png

So somehow while authenticating it does not recognize that there is a fully configured enterprise Application existing in Azure AD and wants to add another one.

Should users just not use the Microsoft button or is my config wrong?

Cheers!

1 answer

1 vote
Ed Letifov _TechTime - New Zealand_
Jul 22, 2022

@Dominik Aigner 

As per previous interactions with Atlassian support – "Continue with Microsoft" uses some mysterious instance of "Atlassian" OAuth enterprise application in Azure AD, which is indeed distinct from the "Atlassian Cloud" you would configure for SAML.

I can only suggest reaching out to Atlassian support, but don't expect much. I was not able to get any details on how to configure this app, and specifically how to disable it properly.

As per Atlassian response to me at the time:

We do not have official documentation on this one as this is purely a Microsoft workflow. I suggest reaching out to Microsoft as well to see if they have some information on this one as we don't have any visibility on this. We tested removing this application and yes, this seems to be the case that it will be re-created automatically.

Based on the error you are getting this application currently is not deployed/configured correctly in your Azure AD.

If you do get it configured while having SAML SSO configured as well, the flow for the user would be very similar, so it becomes merely a somewhat handy shortcut.

Without SAML SSO configured there is a distinction. See answer here: https://community.atlassian.com/t5/Atlassian-Access-questions/Azure-AD-integration-difference-between-OAuth-and-SAML/qaq-p/1511680

We (TechTime, a Platinum Atlassian Solution Partner in Aotearoa – New Zealand) usually recommend to our customers to instruct their users "not to use this social login", but since it's impossible to disable, and impossible to get rid of – this is kinda moot.

Atlassian Support did provide this ticket to vote on to make this "social login" flow work the same as the SAML one:

https://jira.atlassian.com/browse/ACCESS-894

There is also this one to be able to disable this button:

https://jira.atlassian.com/browse/ID-6647

Thanks @Ed Letifov _TechTime - New Zealand_ for your feedback! I was on holiday for some weeks and will double check the current state these days.
