Starting with User Sync 1.5.0 / SAML SSO 3.5.5, the Azure AD connector uses a different OAuth2 authentication flow,
which no longer requires you to explicitly authorize the application from within the Atlassian application.

After updating to 1.5.0, you see this message in the Azure AD connector details:

Follow these steps to migrate to the new authorization method:

  1. Go to the Azure portal, click "Azure Active Directory" in the left panel and then choose "App registrations".
  2. Open the application you have already created for User Sync.
  3. Click on "API permissions" in the left navigation.
  4. Make sure "Directory.Read.All" is configured as an "Application Permission".
  5. All other permissions can be removed.
  6. Click on "Grant admin consent for ...".
  7. Confirm the action.
  8. Switch back to the Azure AD connector configuration in User Sync.
  9. Select "click here to switch to the new authorization method" to complete the migration.
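
To confirm the result of steps 4 to 6, you can inspect the claims of an access token issued to the app registration. The following is an added example, not code from User Sync or from the original page. It assumes an app-only Microsoft identity platform token, where granted application permissions appear in the `roles` claim and delegated scopes in `scp`; the sample tokens and the `User.ReadWrite.All` entry are constructed for illustration.

```python
import base64
import json

REQUIRED_ROLE = "Directory.Read.All"  # the application permission named in step 4


def decode_claims(jwt: str) -> dict:
    """Decode a JWT payload for inspection only (the signature is NOT verified)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_permissions(claims: dict) -> list:
    """Return findings; an empty list means the token matches steps 4 to 6."""
    findings = []
    roles = claims.get("roles", [])  # absent if no application permission was granted
    if REQUIRED_ROLE not in roles:
        findings.append(f"missing application permission {REQUIRED_ROLE}")
    extra = sorted(set(roles) - {REQUIRED_ROLE})
    if extra:
        findings.append("permissions that can be removed: " + ", ".join(extra))
    if "scp" in claims:  # delegated scopes are not expected on an app-only token
        findings.append("delegated scopes present (scp): " + str(claims["scp"]))
    return findings


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    samples = {
        "least privilege": {"roles": ["Directory.Read.All"]},
        "too broad": {"roles": ["Directory.Read.All", "User.ReadWrite.All"]},
        "no consent": {},
    }
    for name, claims in samples.items():
        token = make_sample_token(claims)
        print(name, "->", audit_permissions(decode_claims(token)) or "OK")
```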