"Unable to find user" attempting to login to Jira Align via SSO
Platform Notice: Cloud and Data Center - This article applies equally to both cloud and data center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Attempting to login to Jira Align via SSO through an Identity Provider (IdP) fails with one or more of the following errors:
"Unable to find user"
“Unable to find user by ExternalToolUID:<USERID>”
“We can’t log you in right now. Please contact your administrator."
Environment
Jira Align
Diagnosis
User observes one or more of the following errors from the browser:
Cause
This particular login failure can occur due to one of the following:
The user attempting to login does not have a corresponding user account created in Jira Align. As noted in Jira Align SAML 2.0 Setup
“The user account you are testing from the SAML 2.0 provider must be also configured on the Jira Align side.”
The email being used to authenticate with the IdP does not match the user’s email address in their Jira Align account.
The NameID attribute being returned by the IdP does not match the corresponding value (Email or External ID) of the Jira Align user.
Solution
Ensure that a user account is created in Jira Align for the user who is attempting to login via SSO. User accounts can be created in Jira Align using any of the following methods:
Manually created from the UI → Add users
Users automatically integrated from Jira (the user must be assigned to an integrated issue)
API 1.0
Excel Import
Ensure that the Jira Align user account’s email address matches the one being used to authenticate with the IdP.
Ensure the SAML Provider's SSO configuration within Jira Align is set to the correct NameID lookup (Email or External ID) and the IdP is configured to send the matching NameID value.
Was this helpful?