Set up the "single-tenant" account type Azure mail with Jira Data Center
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Learn how to set up the Jira Data Center mail handler using the OAuth 2.0 integration and Azure mail with the "single-tenant" account type.
If the connection fails after following our Steps to configure OAuth 2.0 integration with Microsoft Azure, you may see the following error in the logs:
atlassian-jira.log or atlassian-jira-incoming-mail.log
2021-11-16 12:35:50,956+0100 https-jsse-nio-8443-exec-7 ERROR user 755x4397x2 lyskqh 127.0.0.1
/rest/oauth2-client/latest/config/flow/<id> [c.a.o.c.rest.resource.ClientConfigurationResource] Error occurred while authorizing an integration.
The error message is:
Error when fetching authorization response:
{"error_description":"AADSTS50194: Application '<idstring>'(<applicationname) is not configured as a multi-tenant application.
Usage of the \/common endpoint is not supported for such applications created after '10\/15\/2018'.
Use a tenant-specific endpoint or configure the application to be multi-tenant.\r\nTrace ID: <ida>\r\nCorrelation ID: <idb>\r\nTimestamp: 2021-11-16 11:35:47Z",
"error":"invalid_request"}
Solution
If your organization only allows the "single-tenant" support account type, follow these steps to successfully enable the integration:
In the Azure AD portal, get the tenant ID value, as explained in the OAuth 2.0 and OpenID Connect protocols on the Microsoft identity platform.
In Jira, go to ⚙ > Applications and select Application Links.
Change the two fields Authorization endpoint and Token endpoint in the OAuth 2.0 configuration page, using the following values instead (please replace <TENANT_ID> with the tenant ID):
Authorization endpoint:
https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize
Token endpoint:
https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token
After you make these two changes, make sure to generate a new value for the Redirect URL field in order to save the new integration settings.
Go back to the Azure Admin UI, update the application with the new Redirect URL value in Authorization > Platform Configurations > Redirect URIs, and save the changes.
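The following Python sketch is an added example, not code from Atlassian or Microsoft. It checks the Authorization endpoint and Token endpoint values against the tenant-specific form given in the steps above and looks for the AADSTS50194 code in log lines. The function names and sample values are hypothetical and constructed; it assumes the tenant ID is a GUID and treats the shared aliases common, organizations and consumers as not tenant-specific.

```python
import re
from urllib.parse import urlsplit

HOST = "login.microsoftonline.com"
# Shared aliases; "common" is the one named in the AADSTS50194 message.
SHARED_ALIASES = {"common", "organizations", "consumers"}
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def tenant_endpoints(tenant_id):
    """Build the two endpoint values from the article for a tenant ID (GUID)."""
    if not GUID.match(tenant_id):
        raise ValueError("tenant ID is expected to be a GUID")
    base = f"https://{HOST}/{tenant_id}/oauth2/v2.0"
    return {"authorization": f"{base}/authorize", "token": f"{base}/token"}


def check_endpoint(url, kind, tenant_id):
    """Return a list of problems with one configured endpoint URL (empty if OK)."""
    parts = urlsplit(url)
    segs = [s for s in parts.path.split("/") if s]
    problems = []
    if parts.scheme != "https" or parts.hostname != HOST:
        problems.append(f"{kind}: expected https://{HOST}")
    if not segs:
        return problems + [f"{kind}: no tenant segment in path"]
    if segs[0].lower() in SHARED_ALIASES:
        problems.append(f"{kind}: uses /{segs[0]} instead of a tenant-specific endpoint")
    elif segs[0].lower() != tenant_id.lower():
        problems.append(f"{kind}: tenant segment does not match the tenant ID")
    suffix = "authorize" if kind == "authorization" else "token"
    if segs[1:] != ["oauth2", "v2.0", suffix]:
        problems.append(f"{kind}: path should end in /oauth2/v2.0/{suffix}")
    return problems


def log_has_aadsts50194(lines):
    """True if any log line carries the single-tenant error code from the article."""
    return any("AADSTS50194" in line for line in lines)


# Constructed sample values (not from a real tenant or log).
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_LOG = ['{"error_description":"AADSTS50194: Application is not configured as a multi-tenant application."']
if __name__ == "__main__":
    if log_has_aadsts50194(SAMPLE_LOG):
        old = f"https://{HOST}/common/oauth2/v2.0/authorize"
        print(check_endpoint(old, "authorization", SAMPLE_TENANT))
        print(tenant_endpoints(SAMPLE_TENANT))
```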