
SAML SSO with Azure AD does not work when using "Continue with Microsoft"

Dominik Aigner July 21, 2022

Hi Community, I just configured SSO with Azure AD as described here: Tutorial: Azure Active Directory integration with Atlassian Cloud - Microsoft Entra | Microsoft Docs

 

The SSO does work when the user enters his email and hits next.

But it doesn't work when he selects "Continue with Microsoft" (he has a licensed M365 account). The thing is that the user is being asked this (see screenshot):

[Screenshot: Atlassian Cloud SSO issue.png]

So somehow while authenticating it does not recognize that there is a fully configured enterprise Application existing in Azure AD and wants to add another one.

Should users just not use the Microsoft button or is my config wrong?

Cheers!

1 answer

1 vote
Ed Letifov _TechTime - New Zealand_
July 22, 2022

@Dominik Aigner 

As per previous interactions with Atlassian support – "Continue with Microsoft" uses some mysterious instance of "Atlassian" OAuth enterprise application in Azure AD, which is indeed distinct from the "Atlassian Cloud" you would configure for SAML.

I can only suggest reaching out to Atlassian support, but don't expect much. I was not able to get any details on how to configure this app, and specifically how to disable it properly.

As per Atlassian response to me at the time:

"We do not have official documentation on this one, as this is purely a Microsoft workflow. I suggest reaching out to Microsoft as well to see if they have some information on this one, as we don't have any visibility on this. We tested removing this application, and yes, this seems to be the case that it will be re-created automatically."

Based on the error you are getting this application currently is not deployed/configured correctly in your Azure AD.

If you do get it configured while having SAML SSO configured as well, the flow for the user would be very similar, so it becomes merely a somewhat handy shortcut.

Without SAML SSO configured there is a distinction. See answer here: https://community.atlassian.com/t5/Atlassian-Access-questions/Azure-AD-integration-difference-between-OAuth-and-SAML/qaq-p/1511680

We (TechTime, a Platinum Atlassian Solution Partner in Aotearoa – New Zealand) usually recommend to our customers to instruct their users "not to use this social login", but since it's impossible to disable, and impossible to get rid of – this is kinda moot.

Atlassian Support did provide this ticket to vote on to make this "social login" flow work the same as the SAML one:

https://jira.atlassian.com/browse/ACCESS-894

There is also this one, to be able to disable this button:

https://jira.atlassian.com/browse/ID-6647

Dominik Aigner August 29, 2022

Thanks @Ed Letifov _TechTime - New Zealand_ for your feedback! I was on holiday for some weeks and will double check the current state these days.
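
One way to see the two enterprise applications described in the answer side by side (the SAML "Atlassian Cloud" app and the separate OAuth "Atlassian" app), together with any OAuth consent already granted. This is an added example, not part of the original thread or any Atlassian or Microsoft documentation; it assumes the Microsoft Graph PowerShell module is installed and that both display names still start with "Atlassian" (an admin may have renamed the SAML app).

```powershell
# Added example: inventory Atlassian-related enterprise applications in the tenant.
# Requires the Microsoft.Graph module and an account that may read applications.
Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All'

# Assumption: display names start with "Atlassian", as named in the thread.
$servicePrincipals = Get-MgServicePrincipal -Filter "startswith(displayName,'Atlassian')" -All

$report = foreach ($sp in $servicePrincipals) {
    # Delegated (OAuth2) permission grants where this app is the client.
    # An empty result means no user or admin consent has been recorded for it.
    $grants = @(Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All)

    [pscustomobject]@{
        DisplayName        = $sp.DisplayName
        AppId              = $sp.AppId
        ObjectId           = $sp.Id
        # 'saml' for the gallery SAML app; normally not set for an OAuth-only app.
        SsoMode            = if ($sp.PreferredSingleSignOnMode) { $sp.PreferredSingleSignOnMode } else { '(not set)' }
        Enabled            = $sp.AccountEnabled
        AssignmentRequired = $sp.AppRoleAssignmentRequired
        # Tenant that owns the app registration (differs from your tenant for multi-tenant apps).
        PublisherTenantId  = $sp.AppOwnerOrganizationId
        # 'AllPrincipals' = admin consent for everyone, 'Principal' = per-user consent.
        ConsentTypes       = ($grants.ConsentType | Sort-Object -Unique) -join ','
        Scopes             = (($grants.Scope -join ' ') -split '\s+' | Where-Object { $_ } | Sort-Object -Unique) -join ' '
    }
}

$report | Format-Table -AutoSize -Wrap
```

If only the SAML app is listed, or the OAuth app shows no consent grants, that matches the consent prompt described in the question.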
