User unable to login to application without membership in a specific group when SSO is enabled

Still need help?

The Atlassian Community is here for you.

Ask the community


When SSO is enabled, newly created users are unable to login to application without membership in a specific group.

For example, Confluence and JIRA are connected to Crowd as the user directory, with SSO. In this situation:

  1. A new User A is created in Crowd
  2. User A is assigned membership in the confluence-users group in Crowd
  3. Authentication tests for the user in the Confluence application in Crowd are successful
  4. Synchronizing the Crowd user directory to Confluence is successful
  5. User is unable to login to Confluence with the following error: 
  6. Users are able to log in to the application once they are provided membership in the jira-users group.


The information in the configuration file inside the affected application is incorrect. In this example, the issue is caused by the file in Confluence, which uses the application information and credentials that connect to the JIRA application. Therefore, when SSO is enabled, Confluence will attempt to connect to the JIRA application during authentication. If the user does not have the group with the use permission in JIRA (here, jira-users), they will not be able to log in to Confluence.



  • Modify and ensure that the information matches the application information as configured in Crowd. See this documentation for information on how to configure SSO.

Last modified on Nov 2, 2018

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.