How to manage Guest accounts in Jira Align with Azure SSO

Platform Notice: Cloud and Data Center - This article applies equally to both cloud and data center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Jira Align is designed to authenticate a user based on a single email or an external ID.

This article provides the solution on how to manage Guest accounts in Azure SSO in cases where userPrincipalName is different than their email ID.

ℹ️ Please refer to Microsoft Azure documentation for more information on the suggested settings

Solution

The Azure Entra configuration can be setup to conditionally send 'user.mail' for External guests and 'user.userprincipalname' for Members in the Unique User Identifier (Name ID) field.

(Auto-migrated image: description temporarily unavailable)

Note: For Members, Microsoft does not recommend using 'user.mail' since email addresses are not always verified by Microsoft Entra ID. It is probably not a viable workaround for internal users.

Updated on April 14, 2025
Platform
Cloud and Data Center
Products
Jira Align Cloud
Jira Align Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community