SAML login error: 'User <username> is not allowed to login with IDP 1' on Jira DC

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

After configuring SAML in Jira and attempting to log in, the login fails with the error message “We can’t log you in right now.”

Environment

Jira Data Center version 9 and higher with SAML SSO and JIT Provisioning.

Diagnosis

When attempting to log in after configuring SAML SSO for Jira Data Center with JIT Provisioning enabled, the login fails and an error similar to the example below appears in the atlassian-jira.log file:

2025-05-26 05:48:42,532+0000 http-nio-8080-exec-7 url: /jira/plugins/servlet/samlconsumer ERROR anonymous 348x480x1 1d5sh1m xx.xxx.xx.xxx,xxx.xx.x.x /plugins/servlet/samlconsumer [c.a.p.a.s.web.filter.ErrorHandlingFilter] [UUID: 6b24ed7e-4292-401f-80a3-e35cba18bab5] User <username> is not allowed to login with IDP 1
com.atlassian.plugins.authentication.sso.web.usercontext.IdpNotApplicableException: User <username> is not allowed to login with IDP 1
    at com.atlassian.plugins.authentication.sso.option.JiraLoginOptionChecker.checkIdpLoginOptionApplicable(JiraLoginOptionChecker.java:94)
    at com.atlassian.plugins.authentication.sso.web.saml.SamlConsumerServlet.doPost(SamlConsumerServlet.java:114)

For other errors, please refer to our SAML SSO Troubleshooting Guide for Jira Data Center.
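The following is an added example, not part of the original article or Atlassian's code: a Python script that extracts the rejected usernames and IdP ids from atlassian-jira.log so each account can be checked against the groups that hold application access. The function names are this example's own, and the sample log lines (usernames, IP addresses, UUIDs) are constructed.

```python
import re
from collections import Counter

# Log entries start with a timestamp; the stack-trace lines that repeat the
# message do not, so each rejected login is counted once.
TIMESTAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}[+-]\d{4}) ")
REJECTED = re.compile(r"User (.+?) is not allowed to login with IDP (\d+)")

def rejected_logins(lines):
    """Return (timestamp, username, idp_id) for each rejected SSO login entry."""
    events = []
    for line in lines:
        ts = TIMESTAMP.match(line)
        msg = REJECTED.search(line)
        # Require the SAML consumer servlet path so unrelated entries are ignored.
        if ts and msg and "/plugins/servlet/samlconsumer" in line:
            events.append((ts.group(1), msg.group(1), int(msg.group(2))))
    return events

def users_to_review(events):
    """Count rejections per (username, idp_id), most frequent first."""
    return Counter((user, idp) for _, user, idp in events).most_common()

# Constructed sample input in the layout of the log entry shown above;
# all usernames, addresses and UUIDs are made up for this example.
SAMPLE_LOG = """\
2025-05-26 05:48:42,532+0000 http-nio-8080-exec-7 url: /jira/plugins/servlet/samlconsumer ERROR anonymous 348x480x1 1d5sh1m 192.0.2.10,192.0.2.1 /plugins/servlet/samlconsumer [c.a.p.a.s.web.filter.ErrorHandlingFilter] [UUID: 00000000-0000-0000-0000-000000000001] User alice is not allowed to login with IDP 1
com.atlassian.plugins.authentication.sso.web.usercontext.IdpNotApplicableException: User alice is not allowed to login with IDP 1
    at com.atlassian.plugins.authentication.sso.web.saml.SamlConsumerServlet.doPost(SamlConsumerServlet.java:114)
2025-05-26 06:02:10,117+0000 http-nio-8080-exec-3 url: /jira/plugins/servlet/samlconsumer ERROR anonymous 362x512x1 9k2ab7c 192.0.2.11,192.0.2.1 /plugins/servlet/samlconsumer [c.a.p.a.s.web.filter.ErrorHandlingFilter] [UUID: 00000000-0000-0000-0000-000000000002] User bob@example.com is not allowed to login with IDP 1
com.atlassian.plugins.authentication.sso.web.usercontext.IdpNotApplicableException: User bob@example.com is not allowed to login with IDP 1
2025-05-26 06:15:03,904+0000 http-nio-8080-exec-9 url: /jira/plugins/servlet/samlconsumer ERROR anonymous 375x530x1 4m8zq2d 192.0.2.10,192.0.2.1 /plugins/servlet/samlconsumer [c.a.p.a.s.web.filter.ErrorHandlingFilter] [UUID: 00000000-0000-0000-0000-000000000003] User alice is not allowed to login with IDP 1
2025-05-26 06:16:00,000+0000 http-nio-8080-exec-2 url: /jira/secure/Dashboard.jspa INFO carol 376x531x1 7p1xy9e 192.0.2.12,192.0.2.1 /secure/Dashboard.jspa [c.example.Constructed] unrelated entry
"""

if __name__ == "__main__":
    for (user, idp), n in users_to_review(rejected_logins(SAMPLE_LOG.splitlines())):
        print(f"{user}\tIDP {idp}\t{n} rejected login(s)")
```

Run against the real file by passing `open("atlassian-jira.log", encoding="utf-8", errors="replace")` to `rejected_logins`; the resulting usernames are the accounts to check against the application access groups.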

Cause

Just-in-time user provisioning (JIT provisioning) enables users to be automatically created and updated when they log in through SAML SSO. However, to access Jira, users must have the necessary application access permissions. If a user attempts to log in via SSO without the appropriate application access, they will encounter this error.

Solution

To resolve the login issue, please follow these steps:

  1. Log in to Jira with an account that has administrative privileges.

  2. Navigate to Applications in the administration menu.

  3. Click on Application Access.

  4. Check the list of groups that have application access to Jira.

  5. Ensure that the user who is trying to log in is a member of one of these groups.

If the user is not part of any group with the necessary application access, you will need to add them to the appropriate group to allow login via SSO.

Updated on June 20, 2025
