Problem with Portal only Customer using SSO Azure AD (Entra ID)

Hi there,

We face similar issues as recently described here: https://community.atlassian.com/t5/Jira-Service-Management/Problems-with-Portal-only-Customer-SSO-Azure-AD-Entra-ID/qaq-p/2772912 (no answers or reaction from Atlassian staff yet) so I reraise this question and add some details from our own investigations.

The situation is the same, we all try to setup customer portal access for external customers following the instructions (https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-for-portal-only-customers/) and get to the point where everything works but the customers end up after completing the SSO authentication in the Service Management Customer Portal with the error message

"You can't continue with single sign-on. Try again." (URL:*.atlassian.net/servicedesk/customer/user/login?error_code=access_denied&destination=portals

The SAML Mapping from Entra ID is as follows:

We also added the customers to the organization  (jira/settings/products/servicedesk/organizations) in the Service Management setup and they customers appear after that in the customer list of the Service Portal but they keep Last active “Never logged in” and Status “Active” even so we did successfully sign in with these accounts.

Please advise how to overcome the authorization problem.