Configuration needed to use non-Active Directory SSO for Microsoft accounts
Hello,
I've been looking into using the other methods of logging into a Jira Cloud account, namely the Microsoft option. From what I understand, there are two methods for using single signon (SSO) with Microsoft: using Azure Active Directory and the normal Microsoft account login (this question specifically refers to using the normal Microsoft account login).
Additionally, when it comes to Microsoft accounts there are personal accounts and then accounts that are associated with an organization, of which this issue applies to the Microsoft accounts that are a part of an organization.
Now for the question - I am getting an error when trying to create an account that uses the Microsoft account that says "Need admin approval", does this mean that a permission must be added to the organization's Microsoft accounts? All of the guides I have found online only detail how to configure the backend of an Active Directory. I assumed that even though the Microsoft account is part of an organization, that it shouldn't need permissions to do so (since it is technically a social account)?
Thank you in advanced for the help!
PS: Here is the guide I have found detailing the Active Directory integration, but I don't think those apply here
Microsoft: Atlassian Jira and Confluence admin guide for Azure Active Directory
Edit: Here is a screenshot of the messsage requesting approval:
1 answer
Hi Roy,
You are correct in that the link you posted of Microsoft: Atlassian Jira and Confluence admin guide for Azure Active Directory does not apply to this particular case. Specifically that document applies to the Server versions of Jira and Confluence. But we can see that clearly this is an Atlassian Cloud request for approval.
This particular question is very close in nature to another question over in https://community.atlassian.com/t5/Marketplace-Apps-Integrations/Jira-and-MS-Teams-configuration/qaq-p/663674
In that case, it was an configuration within Office 365 that had to be adjusted to allow this integration. The Need admin approval message is extremely similar in nature. I also came across https://docs.microsoft.com/en-us/answers/questions/37875/application-needs-permission-to-access-resources-i.html which also looks to indicate that this can be expected in some cases. In that case the solution appears to require changes by an admin to permit the login
From my own experience with Microsoft accounts, I have found that sometimes when I login, I get a prompt to ask me if this is a personal account or a work account as it appears to Microsoft that the account itself might have more than one role type.
So perhaps the same is happening here. Even if you believe this is a new account, sometime accounts on specific domains could be claimed already within the login provider which could then restrict login settings in a manner like so.
In your case, I don't believe that you need an Atlassian admin, but rather a Microsoft admin so that the id.atlassian.com site can be used to process logins.
Does that help?
Andy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.