What are the differences between "Continue with Microsoft" versus SAML SSO?
Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.
Environment
Atlassian Cloud
Atlassian Guard
Azure AD SAML SSO with Atlassian Cloud enterprise application
SSO enforced authentication policy
Context
Users have several options when logging into Atlassian Cloud with their Atlassian Accounts. In cases where the Atlassian Organization has SAML SSO configured using Azure AD, some users may mistake it for the "Continue with Microsoft" option. This article seeks to address all the different options.
Summary
When unauthenticated users visit their site URL (Confluence, Jira, etc.), they are redirected to https://id.atlassian.com/login, where they encounter the following screen:

Depending on the user's action, different outcomes may occur:
If the user is part of an Authentication Policy with SAML SSO enforced and clicks on Continue:
The user will be directed to your IdP (Azure AD) for authentication using SAML.
If the user is part of an Authentication Policy with SAML SSO enforced and clicks on Continue with Microsoft:
The user will be redirected to Azure AD to use their Microsoft Account for authentication.
This process uses the OAuth 2.0 protocol, not SAML. However, if the SAML identifier is email, it will match the OAuth identifier and kick off SAML authentication.
It's important to note that an Azure Enterprise Application named ‘Atlassian’ will be created to facilitate this login method.
This is a different application from the Atlassian Cloud Enterprise Application.
The application needs to be approved by an admin. If you want to block the use of this other application, you can also set Assignment required? to Yes. This results in the following error being shown to users during authentication if the Continue with Microsoft option is used:

Refer to Log in with a third-party account for further details.
If the user is part of an Authentication Policy without SAML SSO and clicks on Continue:
The user will be prompted to enter a local Atlassian Cloud password.
If the user is part of an Authentication Policy without SAML SSO and clicks on Continue with Microsoft:
The user will be redirected to Azure AD to use their Microsoft Account for authentication.
However, because the user is not part of the SSO enforced authentication policy, or SAML is not configured in the organization, the OAuth workflow will continue.
The same principles for approving the application apply in this use case.
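The "Assignment required?" change described above for the ‘Atlassian’ enterprise application can also be made and verified from PowerShell. This is an added example, not part of the original article or Atlassian's own tooling. It assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in admin can consent to the Application.ReadWrite.All scope, and that the application's display name in your tenant is exactly ‘Atlassian’ as the article states.

```powershell
# Added example: review and lock down the OAuth 'Atlassian' enterprise application
# that "Continue with Microsoft" creates. Requires the Microsoft.Graph module.
Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# Display name taken from the article (assumption: it is unchanged in your tenant).
# The SAML application ("Atlassian Cloud") is a separate object and is not touched.
$oauthAppName = 'Atlassian'

$candidates = @(Get-MgServicePrincipal -Filter "displayName eq '$oauthAppName'" -All)

# Refuse to guess if the name is missing or ambiguous; show what was found instead.
if ($candidates.Count -ne 1) {
    $candidates | Format-Table DisplayName, AppId, Id, AppRoleAssignmentRequired
    throw "Expected exactly one '$oauthAppName' enterprise application, found $($candidates.Count)."
}
$sp = $candidates[0]

# List current assignments first: once assignment is required, only these
# users and groups can still sign in through this application.
$assigned = @(Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All)
Write-Host "Principals currently assigned to '$($sp.DisplayName)': $($assigned.Count)"
$assigned | Format-Table PrincipalDisplayName, PrincipalType, CreatedDateTime

# Equivalent of setting "Assignment required?" to Yes in the portal.
if (-not $sp.AppRoleAssignmentRequired) {
    Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true
}

# Read the value back to confirm the setting is in effect.
$check = Get-MgServicePrincipal -ServicePrincipalId $sp.Id
Write-Host "Assignment required on '$($check.DisplayName)': $($check.AppRoleAssignmentRequired)"
```

If the assignment list is empty after the change, every "Continue with Microsoft" attempt against this application is rejected, while the "Continue" path through the SAML application is unaffected.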