Discover important Atlassian cloud account log in information, including troubleshooting problems.
This document describes problems you might have when using Single Sign-On (SSO) with SAML to log in to your Atlassian account.
If you see errors from your identity provider, check with the provider's support and tools rather than Atlassian Support.
Unable to log in with single sign-on
Action you can take
There’s a few reasons why you may have trouble logging in with SAML single sign-on:
Do either of the following:
SAML error messages
The following table lists the error messages related to SAML problems:
A plain error screen with no Atlassian branding.
You might have network connectivity issues with your IdP. Try refreshing the page.
An error screen for your IdP. This may appear with one of the following error messages:
You might have an issue with your IdP configuration, e.g. a user may not be able to access the Atlassian product from the IdP. Contact your administrator or IdP to fix the issue.
"Your email address has changed at your Identity Provider. Ask your administrator to make a corresponding change on your Atlassian products."
A known issue with the SAML Beta. You'll soon be able to change the email addresses of your managed accounts from User management.
"We weren't able to log you in, but trying again will probably work."
SAML configuration was disabled for the user during the login process. Verify the SAML configuration and try again.
The IdP Entity Id in the SAML configuration of your site administration may be incorrect. Verify that you're using the correct Entity Id and try again.
"xxx is not a valid audience for this Response"
The Service Provider Entity Id in the IdP SAML configuration may be incorrect. Verify that you're using the correct Entity Id and try again.
"The response was received at xxx instead of xxx"
The Service Provider Assertion Consumer Service URL in the IdP SAML configuration may be incorrect. Verify that you're using the correct URL and try again.
"The authenticated email address we were expecting was 'xxx', but we received 'xxx'. Please ensure they match exactly, including case sensitivity. Contact your administrator to change your email to match."
The user tried to log in to the IdP with an email address different from their Atlassian account email address. Verify that the user is logging in with the correct email address. Email addresses are also case sensitive.
You're most likely using an unsupported IdP. Verify your IdP configuration by making sure you've done the following:
Was this helpful?