Problem with SSO / SAML Setup with Azure AD

Minh Tran July 9, 2024

After completing all the documented steps and deleting and retrying the app configuration in Azure a few times, we still get this error when trying to configure SSO: 

Browser error we get after clicking login and getting redirected from the login window:

This sts.windows.net page can't be found
No webpage was found for the web address: https://sts.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx?SAMLRequest=buaZHXoirzCQAsIdFm3ZLveZOnjKkuE1UOvZRlNWM1Ex0rKtlkkE8yxFFtLAawoSV5mjOaVjRt9lnFWclZExfl7BuJtpeEPkxOzslfi1O8iJB%2F3O%2B3dPtltyfR19cGJwG59MXPdP%2B%2BqOuL4bUdsrjSxWlR8j%2BJz5P3Nt6O6PPE3ay3zmj5O1oZ4443XkFQLQl%2BVCS6dX6A8G%2BnWZydX3RH%2B7OUqwG0WXWdV4gkWVy4f5%2Fr4g8%3D&RelayState=4b117eed-5515-4880-9131-32c2f36b7a91
HTTP ERROR 404

Any insights into the connection error?

4 answers

0 votes
Minh Tran July 11, 2024

Clearly I am a novice at this. Thanks for the assist, @Hector Menchaca. Just raced through the instructions and did not follow them closely enough. Assumed the order they provided was the order to enter them in the SAML setup.

 

0 votes
Hector Menchaca
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 11, 2024

Hello @Minh Tran ,

Welcome to Atlassian Community!

In order to solve this issue you just need to swap the values Identity Provider Entity ID and Identity Provider SSO URL in your SAML configuration.

 

Regards,

Thanks!

jessica_huebner
Contributor
May 7, 2025

I am running into the exact same error. When I switched these as you suggest, I run into a new error: AADSTS900023: Specified tenant identifier 'REDACTED' is neither a valid DNS name, nor a valid external domain.

If you have any quick tips, I'd love to know!

Hector Menchaca
Atlassian Team
May 8, 2025

Hello @jessica_huebner ,

Thanks for your reply!

Can you let me know what flow you are following to get this error? When you switched the values in your SAML configuration and tried to log in, is that when you got this error?

Thanks!

jessica_huebner
Contributor
May 8, 2025

Below are the steps I followed:

  1. My Entra admin used the Atlassian Cloud app.
  2. My Entra admin also changed the Entra Attributes & Claims so that Unique User Identifier is user.mail (our users' email addresses)
  3. In Atlassian Admin Center SAML config, we copied the values from service provider entity URL and Service provider assertion consumer service URL and set them in Entra as the default values in respective areas and saved
  4. From Entra, I copied the Login URL and Microsoft Entra Identifier and pasted them into Atlassian SAML config. I tried the following first (values on the left are Entra ID, values on the right are Atlassian Admin SAML Config page):
    1. Login URL > Identity Provider SSO URL
    2. Microsoft Entra Identifier > Identity provider Entity ID

Doing this gave me the same error as what Minh posted above (the exception, of course, is our unique ID). Then, when I tried switching the values as you suggested, so that the Microsoft Entra Identifier was in the SSO URL field and the Login URL was in the Entity ID field in the SAML config, the user got a different error: AADSTS900023: Specified tenant identifier...

I appreciate any guidance you may be able to provide!

Hector Menchaca
Atlassian Team
May 8, 2025

Hello @jessica_huebner ,

The correct way should be:

  1. Login URL > Identity Provider SSO URL
  2. Microsoft Entra Identifier > Identity provider Entity ID

The error that the user who created the post reported was because they had these values swapped.

Can you set the values this way and then attach a screenshot of what you are getting?

Thanks!

jessica_huebner
Contributor
May 8, 2025

Thanks Hector. This is how I had it set up initially. Attached is the screenshot.

[Attachment: image (2).png]

Hector Menchaca
Atlassian Team
May 8, 2025

Thanks @jessica_huebner ,

So OK, let's circle back. The error posted by the creator of this post is due to the values in the Atlassian SAML configuration being wrong, in this case like this:

  1. Login URL > Identity provider Entity ID - Wrong
  2. Microsoft Entra Identifier > Identity Provider SSO URL - Wrong

And this is solved by swapping the values as I mentioned - and the correct order is:

  1. Identity Provider SSO URL = Login URL - Correct
  2. Identity provider Entity ID = Microsoft Entra Identifier - Correct

Can you please double-check that the values are like this and try testing the connection again?

jessica_huebner
Contributor
May 8, 2025

Thanks for the clarification, Hector. 

When I did this and had my test user try to sign in (Incognito), this is when she runs into the Microsoft error: AADSTS900023: Specified tenant identifier 'REDACTED' is neither a valid DNS name, nor a valid external domain (screenshot attached).

[Attachment: image.jpg]

Hector Menchaca
Atlassian Team
May 8, 2025

Hello @jessica_huebner 

I think it is better to go over this in a ticket - please raise a ticket via: https://support.atlassian.com/contact/

And upload the screenshots of your SAML configuration on Atlassian and on the Entra side.

Remember to choose "Atlassian Guard" as the product.

Thanks!

jessica_huebner
Contributor
May 8, 2025

Great idea, Hector. Thank you so much for your help!
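
The field mapping discussed in this answer can be checked before testing a login. The following Python sketch is an added example, not part of the original thread and not Atlassian or Microsoft code; it assumes the global-cloud Entra hostnames (`login.microsoftonline.com` for the Login URL, `sts.windows.net` for the Microsoft Entra Identifier) and a GUID tenant ID, and its function names and finding codes are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: global Azure cloud hostnames; sovereign clouds use other hosts.
LOGIN_HOST = "login.microsoftonline.com"   # host of the Entra "Login URL"
ISSUER_HOST = "sts.windows.net"            # host of the "Microsoft Entra Identifier"
# Assumption: the values copied from the Entra portal carry the tenant ID as a GUID.
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def classify(url):
    """Return (kind, tenant); kind is 'login_url', 'entra_identifier' or 'unknown'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    segs = [s for s in parts.path.split("/") if s]
    tenant = segs[0] if segs else ""
    if parts.scheme == "https" and host == LOGIN_HOST and len(segs) == 2 and segs[1].lower() == "saml2":
        return "login_url", tenant
    if parts.scheme == "https" and host == ISSUER_HOST and len(segs) == 1:
        return "entra_identifier", tenant
    return "unknown", tenant

def check_saml_fields(sso_url, entity_id):
    """Return finding codes for the two Atlassian SAML fields (empty list = OK)."""
    (sso_kind, sso_tenant), (ent_kind, ent_tenant) = classify(sso_url), classify(entity_id)
    findings = []
    if sso_kind == "entra_identifier" and ent_kind == "login_url":
        findings.append("SWAPPED")
    else:
        if sso_kind != "login_url":
            findings.append("SSO_URL_NOT_LOGIN_URL")
        if ent_kind != "entra_identifier":
            findings.append("ENTITY_ID_NOT_ENTRA_IDENTIFIER")
    if any(t and not GUID.fullmatch(t) for t in (sso_tenant, ent_tenant)):
        findings.append("TENANT_NOT_GUID")
    if sso_tenant and ent_tenant and sso_tenant.lower() != ent_tenant.lower():
        findings.append("TENANT_MISMATCH")
    return findings

def redirect_hit_issuer(failing_url):
    """True if a failing browser URL sent a SAMLRequest to the issuer host, i.e. the
    Entra Identifier was entered as the SSO URL (the 404 in the original post)."""
    parts = urlsplit(failing_url)
    return (parts.hostname or "").lower() == ISSUER_HOST and "SAMLRequest" in parse_qs(parts.query)

if __name__ == "__main__":
    tenant = "11111111-2222-3333-4444-555555555555"  # constructed tenant ID
    login = f"https://{LOGIN_HOST}/{tenant}/saml2"
    issuer = f"https://{ISSUER_HOST}/{tenant}/"
    print(check_saml_fields(login, issuer))   # correct mapping
    print(check_saml_fields(issuer, login))   # fields swapped
```
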

0 votes
Minh Tran July 11, 2024

Thanks for your reply - This is for Atlassian Cloud and we have followed the instructions in both those links you provided (although we are not setting up provisioning just yet, just SSO). We've repeated the steps multiple times and deleted the app and restarted without success. After double and triple checking that we copied the contents to and from Azure AD and Atlassian SAML set up correctly, we continue to run into the 404 error.

0 votes
Lokesh Naktode_miniOrange
Atlassian Partner
July 9, 2024

Hi @Minh Tran 

It appears there may be a configuration issue, likely related to the ACS URL configuration.

To resolve this, you'll need to collect the SAML metadata from both Atlassian Access and Azure AD and configure them accordingly.

For detailed guidance on the setup, you can refer to the following documents:

https://support.atlassian.com/provisioning-users/docs/connect-to-azure-active-directory/

https://learn.microsoft.com/en-us/entra/identity/saas-apps/atlassian-cloud-tutorial

As an SSO vendor, we have created an extensive setup guide for configuring SAML SSO with Azure AD for our Data Center app. You can refer to its Azure AD configuration as well.

https://www.miniorange.com/atlassian/saml-single-sign-on-sso-jira-using-azure-ad-idp?version=2.0.0

 
