
Microsoft Entra ID (formerly Azure AD): Migrate to Client Credentials Flow

Starting with User Sync 1.5.0 / SAML SSO 3.5.5, the Azure AD connector uses a different OAuth2 authentication flow,
in which it is no longer necessary to explicitly authorize the application from within the Atlassian application.

After updating to 1.5.0, you will see this message in the Azure AD connector details:


azure-auth-flow-warning.png


Follow these steps to migrate to the new authorization method:

  1. Go to portal.azure.com, click "Azure Active Directory" in the left panel, and then choose "App registrations".

  2. Open the application you have already created for User Sync.

  3. Click "API permissions" in the left navigation.

  4. Make sure "Directory.Read.All" is configured as an "Application Permission".

  5. All other permissions can be removed:

    image2020-6-25_9-29-12.png

  6. Click on "Grant admin consent for ...". It should look like this:

    azure permissions.png

  7. Confirm the action:

    image2020-6-25_9-31-38.png

  8. Switch back to the Azure AD connector configuration in User Sync.

  9. Select "click here to switch to the new authorization method" to complete the migration.
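
To confirm that steps 4 to 7 left the app registration with only "Directory.Read.All" as an application permission, the claims of an app-only access token can be inspected. The following is an added example, not part of User Sync or the original page: it assumes the token is a JWT whose `roles` claim lists application permissions and whose `scp` claim lists delegated ones, and it runs on constructed, unsigned sample tokens.

```python
import base64
import json

REQUIRED_ROLES = {"Directory.Read.All"}  # the only permission the steps keep

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_app_token(claims, required=REQUIRED_ROLES):
    """Return a list of findings; an empty list means the grant matches the steps."""
    findings = []
    if "scp" in claims:  # scp carries delegated scopes, roles carries app permissions
        findings.append("delegated token (scp claim present)")
    roles = set(claims.get("roles", []))
    findings += [f"missing application permission: {r}" for r in sorted(required - roles)]
    findings += [f"unneeded application permission: {r}" for r in sorted(roles - required)]
    return findings

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"

# Constructed sample claims, not taken from a real tenant.
SAMPLES = {
    "migrated": {"roles": ["Directory.Read.All"]},
    "leftover": {"roles": ["Directory.Read.All", "User.ReadWrite.All"]},
    "no_consent": {},
    "delegated": {"scp": "Directory.Read.All"},
}

if __name__ == "__main__":
    for name, claims in SAMPLES.items():
        findings = audit_app_token(jwt_claims(make_sample_token(claims)))
        print(f"{name}: {findings or 'OK'}")
```

Decoding the payload this way is a diagnostic only; it does not validate the token and must not be used to make authorization decisions.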