Synchronization between Confluence and Azure Active Directory is PARTIALLY_FAILED (User is not unique)

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

The synchronization between the Azure Active Directory (AAD) and Confluence is made through the SAML Single Sign On for Confluence third-party app.

When trying to synchronize, the result is PARTIALLY_FAILED and the error message is User is not unique.

As a result, a particular user is unable to log into Confluence. This error may affect one or more users.

Environment

Diagnosis

When trying to sync Azure Active Directory users through the third-party app, the following message appears in the application logs:

atlassian-confluence.log

2020-11-05 16:33:25,831 ERROR [http-nio-8090-exec-679] [atlasplugins.samlsso.userauth.PrincipalProviderImpl] log ZG176: Updating user from connector failed, result was not SUCCESS or resulting user was not present: User is not unique

Cause

A user that was previously synced between Confluence and the AAD was deleted in the external directory. Before that deletion was synchronized to Confluence (which would have removed the user from the Confluence tables), a new user was created externally, using the same e-mail as the deleted user but with a different username.

The next synchronization between Confluence and AAD (through the app) will identify the same e-mail being used by a different user in Confluence, thus triggering the User is not unique error.

Solution

Always back up your data before making any database modifications. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.

While this divergence between two different usernames exists, Confluence will not sync properly with the AAD. You'll need to manually change the deleted user's e-mail in the Confluence database to another, unused value:

  1. Shut down Confluence

  2. Run the following query against the Confluence database:

    PostgreSQL query

    UPDATE cwd_user
    SET email_address = 'somerandom@email.value',
        lower_email_address = 'somerandom@email.value'
    WHERE id IN (
      SELECT id FROM cwd_user WHERE user_name = '<DELETED_USERNAME>');

    ⚠️ If the user that was deleted in the AAD belongs to multiple Confluence directories, you may need to narrow the query down to one directory; otherwise, all e-mails will be changed.

  3. Start Confluence

  4. Try to sync Confluence to the AAD using the app SAML Single Sign On for Confluence
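A pre-check and a directory-scoped form of the update in step 2, for the multiple-directory case the warning describes. This is an added example, not Atlassian's or the app vendor's query; it assumes the `directory_id` column on `cwd_user` and the `cwd_directory` table (`id`, `directory_name`) of the standard Confluence user schema, and `<DIRECTORY_NAME>` is a placeholder.

```sql
-- Assumed schema: cwd_user.directory_id references cwd_directory.id.
-- Run with Confluence shut down and a database backup in place.

-- 1. Find every e-mail address held by more than one account, and where.
SELECT u.lower_email_address,
       COUNT(*) AS accounts,
       STRING_AGG(d.directory_name || ':' || u.user_name, ', '
                  ORDER BY d.directory_name, u.user_name) AS found_in
FROM cwd_user u
JOIN cwd_directory d ON d.id = u.directory_id
WHERE u.lower_email_address IS NOT NULL
GROUP BY u.lower_email_address
HAVING COUNT(*) > 1
ORDER BY u.lower_email_address;

-- 2. List each row for the deleted username, one per directory it exists in.
SELECT u.id, u.user_name, u.email_address, d.directory_name
FROM cwd_user u
JOIN cwd_directory d ON d.id = u.directory_id
WHERE u.user_name = '<DELETED_USERNAME>'
ORDER BY d.directory_name;

-- 3. Change the e-mail only in the directory synced from the AAD.
--    RETURNING shows exactly which rows were touched before anything is committed.
BEGIN;

UPDATE cwd_user
SET email_address = 'somerandom@email.value',
    lower_email_address = 'somerandom@email.value'
WHERE user_name = '<DELETED_USERNAME>'
  AND directory_id = (SELECT id
                      FROM cwd_directory
                      WHERE directory_name = '<DIRECTORY_NAME>')
RETURNING id, user_name, directory_id, email_address;

-- If exactly one row came back, finish with:  COMMIT;
-- If zero or several rows came back, undo with: ROLLBACK;
```

After the sync in step 4 succeeds, rerunning query 1 should no longer list the affected address.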

Updated on April 2, 2025
