
Azure SSO: We were unable to verify the email associated with your Microsoft account

Elijah Wolf
I'm New Here
March 13, 2021

Hello Community!

We are setting up a new Helpdesk and Knowledge Base for our business and we are sold on Jira Service Management and Confluence, so I set up Azure SSO (SAML) with Atlassian Access.

I am able to login as myself with my Azure account, so I created a new Azure user to test with and the account was pulled into Atlassian Access almost immediately. I opened a new private Chrome tab to test the experience when logging in as a customer.

I didn’t get any hits when searching for text that appears on the pages I land on, so I will add that information to this post even though the images describe the same text. I apologise if this makes this post lengthy.

I then navigated to our Confluence Portal and the Service Management Help Center (which I believe is just a drilled down level within the Confluence Portal). The links are:

Confluence Portal: https://OurOrganization.atlassian.net/servicedesk/customer/portals

Jira Service Management Help Center: https://OurOrganisation.atlassian.net/servicedesk/customer/portal/2

Both of these links load the correct portal:


After entering the email address, I am correctly redirected with the title Your group uses single sign-on and a button with the title Login in with single sign-on:



I then get the default Atlassian login page. After entering the email address, the page recognises the username (which I was surprised at honestly!) however after entering the password I’m given the error message Incorrect email address and / or password. Do you need help logging in?



I can understand that technically this username doesn’t have an Atlassian account, though I would like this to happen when we pull that user in via Atlassian Access. I want them to exist so I can select their name when creating a ticket (which seems to be the case currently) but if I can have them login here at this page, that would be wonderful.

If that’s not possible, I can understand that we might be required to click Continue with Microsoft in order to login. However the reason for my post is that after being redirected to Microsoft and logging in, I hit this page:


The message reads We were unable to verify the email associated with your Microsoft account, so let’s do that now.


Now admittedly after clicking the button, I get an email with a code and I can successfully verify the account and login as that employee. I’d like to simplify the login process for our employees as much as possible, hence the desire to login at the first Atlassian login page. So having them receive a code and verifying their account before they can login to respond to tickets or manage them is a little much for our business.

Is there a way to simplify this? I’m possibly importing the wrong fields from Azure or something? When I created the Azure app, I used the automatic method and everything was customised and set up via that tool so I would expect that it’s configured correctly but I don’t know if this is the expected experience for an organisation customer to encounter for Atlassian/Jira products.

Any help would be absolutely amazing, I think that the community here is outstanding and I look forward to not only using these products for our business but hopefully to assist the community in the future after I find my feet with these products!

Thank you everyone!
Eli

2 answers

1 vote
Dave Meyer
Atlassian Team
March 17, 2021

Hi @Elijah Wolf ,

So I think your diagnosis of the problem is correct – we initially do a check on the domain to recognize that you should log in with SSO, but on the next login screen, that user doesn't actually have an Atlassian account yet so they aren't automatically sent to the SSO provider.

I think the simplest way to solve this would be to set up user provisioning from Azure AD:

1. That will ensure that any new users you create will have an Atlassian account automatically

2. Provisioning from Azure AD bypasses the email verification step

The instructions to set that up are here: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/atlassian-cloud-provisioning-tutorial

Typically the way to do this with JSM is to put all your "customer" users (i.e. non-agents) in a group. You should make sure that group is synced to the site, but is not a "product access group" for JSM, so that they don't get billed as agents. 

Dani Perez May 29, 2023

Hi,

I'm having this same issue. My users are provisioned via Azure AD (SCIM) and are added automatically to Customers. SSO is enabled. Domain is linked and verified.

But each new internal user who tries to reach the portal via SSO gets the verification window.

How can we avoid this verification step?

Thanks

Dani

Dani Perez October 30, 2023

Fixed when I checked "Enforce SSO" configuration.

0 votes
Amine Barketi
I'm New Here
July 17, 2023

Hello @Dave Meyer 

 

I am having a major issue, as Elijah did. I am not able to access Jira: my admin added me, and I am not able to join the Jira platform because none of the verification codes sent to my professional email address reached me. Could you please assist me with my situation?

Thank you very much.
