Microsoft Entra ID (formerly Azure AD): Migrate to Client Credentials Flow

Starting with User Sync 1.5.0/ SAML SSO 3.5.5, the Azure AD connector is using a different OAuth2 authentication flow,
where it is no longer necessary to explicitly authorize the application from within the Atlassian application.

After updating to 1.5.0 you see this message in the Azure AD connector details:

Follow these steps to migrate to the new authorization method:

Go to portal.azure.com, click "Azure Active Directory" in the left panel and then choose "App registrations".
Open the application you have already created for User Sync.
Click on "API permissions" on the left navigation.
Make sure "Directory.Read.All" is configured as an "Application Permission"
All other permissions can be removed:
Click on "Grant admin consent for ...". It should look like this:
Confirm the action
Switch back to the Azure AD connector configuration in User Sync.
Select "click here to switch to the new authorization method" to complete the migration.

SAML Single Sign-On is available for Atlassian Server & Atlassian Data Center products. Our Jira Data Center, Confluence Data Center, Bitbucket Data Center, Jira Server, Confluence Server, Bitbucket Server and other apps are all available on the Atlassian Marketplace.

SAML Single Sign-On is available for Atlassian Server & Atlassian Data Center products.

Our Jira Data Center, Confluence Data Center, Bitbucket Data Center, Jira Server, Confluence Server, Bitbucket Server and other apps are all available on the Atlassian Marketplace.