"Unable to find user" attempting to login to Jira Align via SSO

Summary

Attempting to login to Jira Align via SSO through an Identity Provider (IdP) fails with one or more of the following errors:

"Unable to find user"

Unable to find user by ExternalToolUID:<USERID>

We can’t log you in right now. Please contact your administrator."

Environment

Jira Align

Diagnosis

User observes one or more of the following errors from the browser:

(Auto-migrated image: description temporarily unavailable)
(Auto-migrated image: description temporarily unavailable)
(Auto-migrated image: description temporarily unavailable)

Cause

This particular login failure can occur due to one of the following:

  • The user attempting to login does not have a corresponding user account created in Jira Align. As noted in Jira Align SAML 2.0 Setup

“The user account you are testing from the SAML 2.0 provider must be also configured on the Jira Align side.”

  • The email being used to authenticate with the IdP does not match the user’s email address in their Jira Align account.

  • The NameID attribute being returned by the IdP does not match the corresponding value (Email or External ID) of the Jira Align user.

Solution

  1. Ensure that a user account is created in Jira Align for the user who is attempting to login via SSO. User accounts can be created in Jira Align using any of the following methods:

    • Manually created from the UI → Add users

    • Users automatically integrated from Jira (the user must be assigned to an integrated issue)

    • API 1.0

    • Excel Import

  2. Ensure that the Jira Align user account’s email address matches the one being used to authenticate with the IdP.

  3. Ensure the SAML Provider's SSO configuration within Jira Align is set to the correct NameID lookup (Email or External ID) and the IdP is configured to send the matching NameID value.

  4. In Jira Align, verify that the SAML Provider’s NameID lookup is set to match your IdP claim (Email or External ID).

  5. In Microsoft Entra ID (Azure AD):

    • Navigate to Enterprise Applications > Jira Align > Single sign-on > Attributes & claims.

    • Set the Name identifier format to “Email address” (or “External ID” if that is used in Jira Align).

    • Ensure the claim value matches the identifier used in Jira Align (case and whitespace sensitive).

  6. Save changes in the IdP and retest SSO.

  7. Confirm the user exists and is active in Jira Align with the exact identifier sent in the NameID claim.

Updated on March 20, 2026
Apps
Jira Align Cloud
Jira Align Self Hosted
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community