JIT User provisioning AzureAD

Hello,

today I configured successfully SSO 2.0 on our Jira Server based on SAML with AzureAD.

Users that are still existing can login via AzureAD, works like a charm.

What is not working is that I have a guest account in AzureAD which I´d also like to give access to Jira.

The guest account does not exist in Jira so far and also not on the remote directory (but of course in the IdP).

I added the guest account in AAD to the Enterprise Application which i configured like the existing users (only difference that existing users are added through a security group).

When i now try to login with the guest account I get the error message "You currently can´t login, Please contact your administrator"

In the Jira log I see following entry:

Received SSO request for user guest_mail.com#EXT#@company.onmicrosoft.com, but the user is not permitted to log in

Didn´t found this error message at all while googling for it.

Anyone have an idea what could be the problem?

1 answer

1 accepted

1 vote

Answer accepted

Found the issue:

I had to enable access for the group of the user which it was member of.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

In Atlassian Acess or Azure?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

In Jira I had to add "Application Access" to the group which is synced from AAD.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Pramodh M likes this

Suggest an answer

Was this helpful?

Thanks!

Jira

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

JIT User provisioning AzureAD