"Need admin approval" message when trying to connect email accounts in Jira Service Management Cloud

Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.

Summary

When trying to connect a Microsoft mail handler for JSM following Add a custom email account | Jira Service Management Cloud | Atlassian Support admins may receive the message below:


The only options available are "Have an admin account? Sign in with that account” and “Return to the application without granting consent”, but none of them will connect the desired mail account as a mail handler.

Cause


This happens because Microsoft AD has a setting to control who can perform OAuth connections for apps (which is this type of connection) and this setting is disabled for users in Microsoft AD. The configuration is explained in Microsoft documentation: Configure the admin consent workflow - Microsoft Entra ID.

That said, if the option “Have an admin account? Sign in with that account” is selected, and you authenticate with an Azure AD admin account, this admin account will be added as a mail handler and not the desired account you would like to connect. Selecting “Return to the application without granting consent” will make the connection unsuccessful.

Solution


As it’s a Microsoft AD setting, you must contact your company’s Microsoft AD admin to review the configuration. More specifically, the setting “Users can request admin consent to apps they are unable to consent to​” that is currently set to “No”.

According to Configure the admin consent workflow - Microsoft Entra ID the steps to access this page are:


To enable the admin consent workflow and choose reviewers:

  1. Sign in to the Microsoft Entra admin center as a Global Administrator.

  2. Browse to Identity > Applications > Enterprise applications > Consent and permissions > Admin consent settings.

  3. Under Admin consent requests, select Yes for Users can request admin consent to apps they are unable to consent to .


Enabling this setting should allow users to request approval when trying to connect the mail handler and other apps:


Then, the Microsoft AD admins can follow the Review and take action on admin consent requests - Microsoft Entra ID to approve the request.

Last modified on Jul 22, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.