"A3 BAD User is authenticated but not connected" error returned on the Test action when setting up a new Jira mail handler.

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.

Problem

"A3 BAD User is authenticated but not connected" error returned on the Test action when setting up a new Jira mail handler.

Environment

Setting up a new Jira mail handler via a new Jira incoming mail server.

Cause

Cause 1

The O365 configuration to allow IMAP over OAuth2.0 is incomplete, as the "IMAP4" rule is missing from the Client Access Rules. See Microsoft Documentation.

Cause 2

When following the steps to configure your Jira incoming mail server to use OAuth 2.0, the request to "Authorize" was not completed by the mailbox owner or delegated user.

For example:

  1. A user is attempting to configure Jira's incoming mail server to use OAuth 2.0 for the account support@atlassian.com 
  2. A user authenticated to Jira with the username charlie@altassian.com and redirected to Google or Microsoft Office365 when they click "Authorize"
  3. A user enters their charlie@atlassian.com username and password to authorize the OAuth 2.0 connection between Jira and the email service provider. 

The problem is that charlie@atlassian.com can't allow the OAuth connection between Jira and support@atlassian.com.

Cause 3

When following the steps to configure your Jira incoming mail server to use OAuth 2.0, the OAuth client secret was not set correctly. In this case, the error may appear as the following in the logs:

  • QBK3 BAD User is authenticated but not connected
  • CSA3 BAD User is authenticated but not connected

Solution

Resolution 1

Ensure the "IMAP4" rule is added to Client Access Rules in O365 for both the mailbox and the OAuth account, and when testing the input in O365 using Jira context, the test is completed successfully.

Resolution 2

Complete the "Authorize" request using OAuth2.0 with username and password for the required email account.

For example, when the user support@atlassian.com is redirected to Google or Microsoft Office365 and allows the OAuth connection between Jira and the mailbox for support@atlassian.com, the connection will succeed.

Resolution 3

Use the steps from Generate an OAuth 2.0 key and secret in Azure to set the OAuth client secret in Jira.


Last modified on Jun 18, 2024

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.