If a user is unable to log in through the OAuth/OIDC plugin, there could be multiple reasons. Below is a structured checklist to help troubleshoot and resolve common login issues:
1. The user does not exist, and new user creation is disabled
If the user doesn't already exist in the application and user creation is turned off, the login will fail.
How to Fix:
- Go to the Configured Provider in the plugin settings.
- Click Advanced Settings.
- Scroll down to the User Creation section.
- Enable the toggle for Allow User Creation.
2. The email address is missing in the IDP response
If the email attribute is missing from the IDP response and the username attribute is also empty or misconfigured, the plugin cannot identify the user.
How to Verify:
- Go to the configured provider in the plugin settings.
- Go to OAuth/OIDC Configurations → Test Configuration.
- Check if the email attribute is present in the response.
- Also, confirm that the username attribute (under User Profile) has a valid value.
If either is missing:
- Update your IDP to include the email in the token or user info response.
- Ensure the correct attribute is selected for username in the plugin.
3. Group permissions are not assigned to the user
Users must be assigned to valid groups in the application to successfully log in.
How to Fix:
- Go to the plugin's User Groups tab.
- Verify that group mappings are configured.
- Ensure the user is assigned to at least one application-level group with access.
4. Incorrect or missing domain in the allowed domains list
If the user's email domain is not listed in the Allow Domains setting, the login will be rejected.
How to Fix:
- Navigate to the Sign In Settings tab.
- Locate the Allow Domains field.
- Add the user's domain (e.g., example.com). Multiple domains can be added using a semicolon (;).
5. Manual Group Mapping is enabled, but the user's group is not mapped
If Manual Group Mapping is selected and "Allow User Creation based on Group Mapping" is enabled, users whose IDP groups are not mapped will be blocked from logging in or being created.
Resolution:
- Go to the User Groups tab.
- Check the Group Mapping section.
- Ensure the user's IDP group is mapped to an appropriate Atlassian group.
If the user's group is not mapped, user creation will fail even if "Allow User Creation" is enabled.
6. The plugin license has expired
An expired plugin license will block authentication.
Resolution:
- Renew or update the plugin license in Atlassian Admin → Manage Apps.
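
Items 1, 2, 4 and 5 can be checked offline against the attributes shown by Test Configuration before changing any settings. The following Python is an added example, not the plugin's own code; the settings keys, the claim names (email, preferred_username, groups), the exact case-insensitive domain match, and treating an empty Allow Domains value as "no restriction" are all assumptions.

```python
# Added example; setting and claim names are assumptions, not the plugin's identifiers.
def parse_allowed_domains(raw):
    """Split the semicolon-separated Allow Domains value into a normalized set."""
    return {d.strip().lower() for d in raw.split(";") if d.strip()}


def diagnose_login(claims, settings, user_exists):
    """Return the checklist findings that would block this login."""
    findings = []
    email = (claims.get(settings["email_attribute"]) or "").strip()
    username = (claims.get(settings["username_attribute"]) or "").strip()
    # Item 1: unknown user while user creation is disabled.
    if not user_exists and not settings["allow_user_creation"]:
        findings.append("1: user does not exist and user creation is disabled")
    # Item 2: neither email nor username can identify the user.
    if not email and not username:
        findings.append("2: email and username attributes are both missing")
    # Item 4: email domain checked against Allow Domains (exact match is an assumption).
    allowed = parse_allowed_domains(settings["allow_domains"])
    if allowed and email:  # assumption: an empty list means no restriction
        domain = email.rpartition("@")[2].lower()
        if domain not in allowed:
            findings.append(f"4: domain '{domain}' is not in Allow Domains")
    # Item 5: with manual mapping, at least one IdP group must be mapped.
    if settings["manual_group_mapping"]:
        groups = claims.get(settings["group_attribute"]) or []
        if isinstance(groups, str):  # some IdPs send a single group as a string
            groups = [groups]
        if not any(g in settings["group_mapping"] for g in groups):
            findings.append("5: none of the user's IdP groups is mapped")
    return findings


# Constructed sample data (not taken from a real IdP response or plugin export).
SETTINGS = {
    "email_attribute": "email", "username_attribute": "preferred_username",
    "group_attribute": "groups", "allow_user_creation": True,
    "allow_domains": "example.com; Example.org",
    "manual_group_mapping": True,
    "group_mapping": {"idp-jira-users": "jira-software-users"},
}
CLAIMS = {"email": "alice@corp.example.com", "preferred_username": "alice",
          "groups": ["idp-contractors"]}

if __name__ == "__main__":
    for finding in diagnose_login(CLAIMS, SETTINGS, user_exists=False):
        print(finding)
```

With the constructed data, the subdomain corp.example.com fails the domain check and the unmapped group fails the mapping check, which shows two independent causes can block the same login.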