Connect with SSO / 2FA
JIRA Server / datacenter
This error occurs when you are using a SSO solution to handle the login to Jira. As there are different Jira add-ons in the marketplace, there are different solutions to this issue. In case the add-on you are using to use SSO is not listed, please contact us - we'll make sure to provide you with fitting instructions!
If you were sent here and you are not using SSO, make sure to check the generic troubleshooting.
1. EasySSO
To fix the issue for the Easy SSO plugin for Jira, please follow the following steps.
Log in to Jira and go to the configuration page of Easy SSO.
Switch to the "User Agent Filtering Configuration" tab, as shown below:
Add the following text to the "User-Agent Excluded Rules" text box (the second one). If you have already existing entries, please put it into a new line:
COMPUTER,WINDOWS,,EMAIL_CLIENT,OUTLOOK,
Please make sure to add it exactly like that, so that it matches the UserAgent string which Outlook uses. Save the configuration - Outlook & JIRA for Outlook should now be able to access JIRA.
2. SSO by Resolution
To fix the issue for the SSO plugin by Resolution, please follow the following steps.
Log in to Jira and go to the configuration page of Resolution SSO.
Switch to the menu entry “Redirection”.
Add the following entry to the user agent whitelist at the very bottom of the page
Microsoft Outlook
Make sure to save the configuration on the top right side
3. Duo 2FA
When you are using the Duo Universal 2FA app (Duo Universal Prompt for Jira Software ), you’ll need to add an additional setting to your web.xml file (located in <jira-home>/atlassian-jira\WEB-INF\web.xml). In the section where you have the duo client id, make sure to add the bypass.APIs
parameter.
<filter>
<filter-name>duoauth</filter-name>
<filter-class>com.duosecurity.seraph.filter.DuoAuthFilter</filter-class>
<init-param>
<param-name>client.Id</param-name>
<param-value>...</param-value>
</init-param>
<init-param>
<param-name>client.Secret</param-name>
<param-value>...</param-value>
</init-param>
<init-param>
<param-name>redirecturi</param-name>
<param-value>https://.../secure/Dashboard.jspa</param-value>
</init-param>
<init-param>
<param-name>host</param-name>
<param-value>....</param-value>
</init-param>
<!-- set bypass.APIs to true to allow connecting via OAuth from Outlook / Teams -->
<init-param>
<param-name>bypass.APIs</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>fail.Open</param-name>
<param-value>true</param-value>
</init-param>
</filter>