I followed the instructions here (Tutorial: Azure Active Directory integration with Atlassian Cloud | Microsoft Docs) and the configuration seems correct. But I'm running into this issue when testing SSO:
When I talked to our devops person, he thinks the issue is with API permissions in the app registration, but it is not clear what API permissions need to be set to grant admin approval. Am I missing something?
Hi @Redz could you solve it? Got the same behaviour today and somehow I could solve it but only for me and two other test users. Another Test User is still being asked for approval.
@Dominik Aigner Yes we did. Our Azure admin blocked the permission on all apps, so we had to get our Azure admin to grant permission for the Atlassian app.
Another workaround is if your org uses SSO with Google Workspace, you can log into GWS and then "Log in with Google" at the Confluence login page.
Hi @Redz what permission did you give to solve this? We are running into this same problem. Did you need to give rights to specific API
Hey @Samuel Alegre, it was basically blocked by our Azure admins. There are two types of permissions in Azure, User and Admin approval. Under user approval, a user has the ability to approve required permissions; under admin approval, only Azure admins can approve requests. The problem is with Admin approval: it's basically all or nothing. In your org that might be acceptable, but for us, Confluence Cloud is approved only for a limited number of users.
What helped us get around that issue is we have Google Workspace and we instructed users to log into Google Workspace first and then go to <company>.atlassian.net and select the "Log in with Google" option.
Otherwise your Azure admin will have to approve Confluence app permissions at the Org level.
Hi @Redz
Welcome to the Community!!
It's referring to the one who created the App. That's it. You are allowing the app which you have just created in Azure to read the Profile data of the user such as username, email address so that it will be used for authentication, but before that, it requires permission to do so, and the screen which you have shared is the one.
Thanks,
Pramodh
Hi @Pramodh M, I created the app in Azure Enterprise apps following the instructions in the link above. The config is correct; however, when I test the SSO, that's when I get the error going through Continue with Microsoft for SSO login. The screenshot does share permissions required, but that does not translate into what API permissions need to be set in Azure > App registrations > API permissions.
What I concluded is that specific API permissions are needed but are not configured in the Atlassian Cloud app in Azure; there were no API permissions that needed to be granted as Admin.