Issue Summary

      Couldn't connect to Azure AD.

      Steps to Reproduce

      1. Log in as an administrator to the admin portal: https://admin.atlassian.com
      2. Navigate to Security > Identity Providers > Select the Directory
      3. You will see the error below in the UI:

      Expected Results

      The oSync config should load in the UI.

      Actual Results

      After logging in to the admin portal as an administrator and navigating to Security > Identity Providers > Select the Directory, the error below is shown in the UI.

      400 errors are seen in the network trace on calls to the following endpoints:

      https://admin.atlassian.com/gateway/api/osync-service/orgs/um/org/<OrgId>/syncConfig

      https://admin.atlassian.com/gateway/api/admin/private/org/<OrgId>/directory/<DirectoryId>/reconnection-callback

      Workaround

      Navigating to this link: https://admin.atlassian.com/o/${organizationId}/idp/${directoryId}/saml should take you directly to the SAML configuration for the Azure AD identity provider directory, with the option to Delete configuration. Once the SAML config is deleted, you can continue with the steps to disconnect your Microsoft account, and then re-authenticate to Azure AD so you can reconfigure your sync settings.
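
Added example (not part of the original ticket and not Atlassian code): a short Python script that pulls the failing calls to the two endpoints above out of a browser HAR capture, and blanks cookie and authorization values before the capture is attached anywhere, since a HAR taken from an admin session records them. The sample HAR, the HTTP methods, the placeholder ids and the unrelated path are constructed for illustration.

```python
import copy
import re
from urllib.parse import urlsplit

# The two endpoints named in the ticket; org and directory ids are opaque path segments.
ENDPOINTS = {
    "syncConfig": re.compile(r"^/gateway/api/osync-service/orgs/um/org/[^/]+/syncConfig$"),
    "reconnection-callback": re.compile(
        r"^/gateway/api/admin/private/org/[^/]+/directory/[^/]+/reconnection-callback$"),
}
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization"}

def failed_calls(har):
    """List error responses (status >= 400) for the endpoints above."""
    hits = []
    for entry in har["log"]["entries"]:
        path = urlsplit(entry["request"]["url"]).path  # drops any query string
        status = entry["response"]["status"]
        for name, pattern in ENDPOINTS.items():
            if status >= 400 and pattern.match(path):
                hits.append((name, entry["request"]["method"], status))
    return hits

def redact(har):
    """Return a copy with cookie and authorization values blanked before sharing."""
    clean = copy.deepcopy(har)
    for entry in clean["log"]["entries"]:
        for msg in (entry["request"], entry["response"]):
            for header in msg.get("headers", []):
                if header["name"].lower() in SENSITIVE_HEADERS:
                    header["value"] = "REDACTED"
            for cookie in msg.get("cookies", []):
                cookie["value"] = "REDACTED"
    return clean

def _entry(method, path, status):
    # Constructed sample entry; methods, ids and the session value are placeholders.
    return {"request": {"method": method, "url": "https://admin.atlassian.com" + path,
                        "headers": [{"name": "Cookie", "value": "session=EXAMPLE-SECRET"}],
                        "cookies": [{"name": "session", "value": "EXAMPLE-SECRET"}]},
            "response": {"status": status, "headers": []}}

SAMPLE_HAR = {"log": {"entries": [
    _entry("GET", "/gateway/api/osync-service/orgs/um/org/ORG-PLACEHOLDER/syncConfig", 400),
    _entry("POST", "/gateway/api/admin/private/org/ORG-PLACEHOLDER/directory/DIR-PLACEHOLDER/reconnection-callback", 400),
    _entry("GET", "/gateway/api/example-unrelated", 200),
]}}

if __name__ == "__main__":
    for name, method, status in failed_calls(SAMPLE_HAR):
        print(f"{status} {method} {name}")
    print("secret present after redaction:", "EXAMPLE-SECRET" in str(redact(SAMPLE_HAR)))
```

For a real capture, load the file with `json.load` and pass the resulting dict to the same two functions.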


            [ACCESS-1635] Couldn't connect to Azure AD.

            Hello,

            At this moment the User Provisioning is working again.

            I have made the following re-configuration:

            1. In the policies (where all users are in) I disabled SSO.

            2. After that I reset all sessions.

            3. Then I went to the identity provider and clicked on reconnect Azure AD and was able to re-authenticate the user. The error "Something went wrong" did not occur then.
            The error should have come in this step.

            4. After that I created a new policy without SSO enabled; this policy currently contains the user that is used for authentication.

            5. Then I reconfigured SAML in the policy that applies to all other users and followed these instructions:
            https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/atlassian-cloud-tutorial

            The user provisioning has now been running for 14 hours with no errors.
            But of course I will continue to monitor this.

            Niels Ehlke added a comment

              Neel Gandhi
              Kodakandla Vijay Kumar
              Affected customers: 1
              Watchers: 10
