"Some email addresses are already taken" error when using Azure AD for nested groups
Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.
Summary
An error "Some email addresses are already taken" is displayed when using the Azure AD for nested groups integration.
Diagnosis
- As an organization administrator, log in to https://admin.atlassian.com and select your organization if you have more than one.
- Navigate to Security > Identity providers.
- Select your identity provider directory that's configured for the Azure AD for nested groups integration.
- Verify whether the error is displayed above the sync status.
Cause
The "Some email addresses are already taken" error is returned if the email address of one or more synced accounts has changed in Azure AD since the last sync to a value that's already associated with an existing Atlassian account.
Click "Download the list with conflicting emails" to see the new emails that Azure is returning for already-synced users and that conflict with emails on existing Atlassian accounts.
Solution
Option 1: Free up the conflicting emails in Atlassian
To allow the affected users' emails to update successfully in Atlassian via the Azure AD sync integration, the new email values must not be in use on any Atlassian account. The quickest and easiest way to ensure this is to locate the accounts in your Managed accounts list that currently use the new email values Azure is trying to pass to Atlassian, then update the emails on those accounts to values you don't want to use moving forward.
- Please see Make changes to a managed user account for more information on how to update the email of a managed account.
If you are unable to locate the existing account(s) in your organization's Managed accounts list, you may need to claim the accounts first.
- Please see Verify a domain to manage accounts for more information on how to claim accounts on your organization's managed domains.
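The following is an added example, not Atlassian code: it triages the downloaded conflict list against a Managed accounts export and sorts each conflicting email by the Option 1 step it needs. The CSV column names (`email`, `account_id`), the sample rows and the verified-domain set are all constructed assumptions; adjust them to the files you actually download.

```python
import csv
import io

# Constructed sample data. Column names are assumptions; match them to the
# headers in the files you actually download from admin.atlassian.com.
CONFLICTS_CSV = """email
Alice.Smith@example.com
bob.jones@example.com
carol@contractor.example.org
"""

MANAGED_CSV = """account_id,email
acct-001,alice.smith@example.com
acct-002,dave@example.com
"""

VERIFIED_DOMAINS = {"example.com"}  # constructed: domains your organization has verified


def norm(email):
    """Compare emails case-insensitively and ignore stray whitespace."""
    return email.strip().lower()


def triage(conflicts_csv, managed_csv, verified_domains):
    """Sort each conflicting email into the remediation step it needs."""
    managed = {norm(r["email"]): r["account_id"]
               for r in csv.DictReader(io.StringIO(managed_csv))}
    result = {"update_managed_account": [], "claim_account": [], "verify_domain_first": []}
    seen = set()
    for row in csv.DictReader(io.StringIO(conflicts_csv)):
        email = norm(row["email"])
        if not email or email in seen:
            continue  # skip blanks and duplicate rows
        seen.add(email)
        domain = email.rpartition("@")[2]
        if email in managed:
            # Already in Managed accounts: change this account's email.
            result["update_managed_account"].append((email, managed[email]))
        elif domain in verified_domains:
            # Domain is yours but the account is not managed yet: claim it.
            result["claim_account"].append(email)
        else:
            # Domain not verified: verify it before the account can be claimed.
            result["verify_domain_first"].append(email)
    return result


if __name__ == "__main__":
    for step, items in triage(CONFLICTS_CSV, MANAGED_CSV, VERIFIED_DOMAINS).items():
        print(step, items)
```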
Option 2: Revert email changes in Azure AD
If you didn't intend to update the emails on the users' synced Atlassian accounts, you can revert the email changes in Azure AD so the users are synced using their old emails during the next sync cycle. You will need to work with your Azure AD administrator(s) to revert the users' email updates in Azure AD.