Azure SSO issues with Atlassian Cloud

Redz January 24, 2022

I followed the instruction here (Tutorial: Azure Active Directory integration with Atlassian Cloud | Microsoft Docs) and the configuration seems correct. But I'm running into this issue when testing SSO:

InkedconfluenceSSOissue.jpg

When I talked to our devops person, he thinks the issue is with API permissions in the app registration, but it is not clear what API permissions need to be set to grant admin approval. Am I missing something?

2 answers

0 votes
Dominik Aigner July 21, 2022

Hi @Redz could you solve it? Got the same behaviour today and somehow I could solve it but only for me and two other test users. Another Test User is still being asked for approval.

Redz July 21, 2022

@Dominik Aigner Yes we did. Our Azure admin blocked the permission on all apps, so we had to get our Azure admin to grant permission for the Atlassian app. 

Another workaround is if your org uses SSO with Google Workspace, you can log into GWS and then "Log in with Google" at Confluence log in page. 

Samuel Alegre
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
November 4, 2022

Hi @Redz what permission did you give to solve this? We are running into this same problem. Did you need to give rights to specific API

Redz November 4, 2022

Hey @Samuel Alegre , it was basically blocked by our Azure admins. There are two types of permissions in Azure, User and Admin approval. Under user approval, a user has the ability to approve required permissions; under admin approvals, only Azure admins can approve requests. The problem is with Admin approval, it's basically all or nothing. In your org that might be acceptable, but for us, Confluence cloud is approved only for a limited number of users. 

What helped us get around that issue is we have Google Workspace and we instructed users to log into Google workspace first and then go to <company>.atlassian.net and select log in with Google option. 

Otherwise your Azure admin will have to approve Confluence app permissions at the Org level. 

0 votes
Pramodh M
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
January 24, 2022

Hi @Redz 

Welcome to the Community!!

It's referring to the one who created the App. That's it. You are allowing the app which you have just created in Azure to read the Profile data of the user such as username, email address so that it will be used for authentication, but before that, it requires permission to do so, and the screen which you have shared is the one.

Thanks,
Pramodh

Redz January 25, 2022

Hi @Pramodh M , I created the app in Azure Enterprise apps following the instructions in the link above. The config is correct, however when I test the sso that's when I get the error going through Continue with Microsoft for SSO login. The screenshot does share permissions required, but that does not translate into what API permissions need to be set in Azure > App registrations > API permissions. 

What I concluded is that specific API permissions are needed but are not configured in Atlassian Cloud app in Azure, there were no API permissions that needed to be granted as Admin. 

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events