Hi guys,
We have tried to connect our Azure AD (Entra ID) for the connection of the portal-only customers in Jira Service Management.
We have followed the following instructions for the setup: Configure SAML single sign-on for portal-only customers | Atlassian Support
Now we have the following problem: A customer who is also stored in the application in the Azure AD tries to log in via SSO, but after entering the e-mail address the following error message appears: "You can't continue with single sign-on. Try again." But the authentication is shown as successful in the logs in Azure AD.
In the Jira Settings SSO is enabled and the right identity provider is connected.
Is there any hidden setting to configure? Have any of you had experience with this problem?
Best regards and thank you in advance
Hi Jannick,
I was able to get mine working. Make sure you follow the guide from Microsoft below, especially Step 12:
Do both of the attribute mappings so it looks like this
Hi there. We have exactly the same error. SSO with redirection works and we have changed the claims as suggested, but the user still gets the error message:
error_code=access_denied&destination=portals
It seems like there is still another access policy or right missing that needs to be configured... Please advise!
Hi there. I too am getting the same error message.
Looking at the URL after logging in, it's saying Access Denied:
Customer Permissions is set to Open and they are also allowed to create accounts.
Not sure why it's not working
Hi there,
I could solve my issue with the same error message "You can't continue with single sign-on. Try again." by double-checking the certificate setup from Azure and copying it again into the Atlassian SAML setup.
Just to be sure I also have a different SAML Attributes & Claims Setup (I did get this one from Atlassian Guard Support) as shown above:
In the same page check the SAML Certificates section and download the Base64 version of the certificate:
Make sure to copy it by using a text editor (e.g. Notepad++) and not Word or a tool that might do magic with encoding, and paste it here:
Even though I knew that you need to be careful when copying the Base64-encoded certificate, including the "BEGIN" and "END...." marks etc., I obviously made a mistake there....
As far as I understand the issue, the SAML authentication works without, but the JIT (just-in-time provisioning) of a new "customer" is only possible if a trusted source (certificate) delivers the customer data....
Hope this solves your issue as well...
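A check for the copy-and-paste problem described in the post above, as an added example that is not part of the original thread: it inspects pasted certificate text for non-ASCII characters, damaged BEGIN/END lines and invalid Base64, and returns a SHA-256 digest to compare with the one computed from the downloaded file. The function names and the sample input are assumptions; the sample is constructed placeholder bytes, not a real certificate.

```python
import base64
import binascii
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def check_pasted_cert(text):
    """Return (problems, sha256_hex or None) for a pasted Base64 certificate."""
    problems = []
    # Word processors swap ASCII hyphens and spaces for typographic look-alikes.
    odd = sorted({c for c in text if ord(c) > 127})
    if odd:
        problems.append("non-ASCII characters: "
                        + ", ".join(f"U+{ord(c):04X}" for c in odd))
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != BEGIN:
        problems.append("missing or altered BEGIN line")
    if not lines or lines[-1] != END:
        problems.append("missing or altered END line")
    # Everything that is not a marker line is treated as the Base64 body.
    body = "".join(ln for ln in lines if "CERTIFICATE" not in ln)
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        problems.append("body is not valid Base64")
        return problems, None
    if len(der) < 4 or der[0] != 0x30:  # X.509 DER starts with a SEQUENCE tag
        problems.append("decoded data is not a DER SEQUENCE")
        return problems, None
    # Compare this digest with the one computed from the file the IdP served.
    return problems, hashlib.sha256(der).hexdigest()


def make_sample_pem():
    """Constructed placeholder: DER-shaped bytes, not a real certificate."""
    der = b"\x30\x82\x01\x00" + bytes(range(256))
    pem = f"{BEGIN}\n{base64.encodebytes(der).decode()}{END}\n"
    return pem, hashlib.sha256(der).hexdigest()


if __name__ == "__main__":
    good, expected = make_sample_pem()
    for label, text in [("clean paste", good),
                        ("dashes replaced", good.replace("-", "\u2013")),
                        ("END line dropped", good.replace(END, ""))]:
        problems, digest = check_pasted_cert(text)
        print(label, "->", problems or "ok", "| digest matches:", digest == expected)
```

A matching digest with a non-empty problem list means the Base64 body survived the paste but the marker lines did not.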