Resolving Atlassian Cloud certificate error for SAML SSO
Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.
Summary
This article covers how to resolve a certificate error when accessing an Atlassian cloud application through SAML SSO.
Diagnosis
How to identify the error
To verify and validate the certificate error, review the error specified within the URL query string as shown below:
access_denied&error_description=Invalid%20thumbprint
Cause
This error occurs when an incorrect SAML certificate is updated on the Atlassian cloud SSO configuration.
The SAML configurations are located on the Atlassian cloud at Administration > Security > Identity providers (left navigation) > View SAML Configurations.
The Public certificate.
This situation may arise during the configuration of SSO or when updating the SSO certificate on Atlassian Cloud.
Solution
Follow these steps to complete the task:
Access the Identity Provider (IdP) admin console.
Locate the Atlassian cloud application within the IdP.
Obtain the Base64 Certificate for the Atlassian cloud application.
Open the downloaded certificate in a text file and copy the entire certificate value from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----.
Paste the certificate value into Atlassian cloud SSO configurations (Security > Identity providers > View SSO configurations).
Validation
Open an incognito or private window in your browser.
Navigate to https://id.atlassian.com.
Enter the user's email address and click on Continue.
Proceed with the IdP authentication process.
How to get a certificate within some supported IdPs
Please note that the name of the IdP application for “Atlassian Cloud” may vary. The default name is “Atlassian Cloud”.
Microsoft Entra (formerly Azure)
Was this helpful?