User cannot log into Atlassian cloud with error - "The signed in user is blocked".
Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.
Summary
When a user tries to log in to Atlassian cloud (for example, a Jira or Confluence site), they get the following error message:
Your administrator has configured the application Atlassian Cloud ... to block users unless they are specifically granted ('assigned') access to the application. The signed in user 'user@exmaple.com' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application.
The email address mentioned in the error message doesn't match the user's email address in Atlassian.
Environment
This can happen if you have Single Sign-On (SSO) set up in your Atlassian site.
Diagnosis
In the error message, you can see that the email address mentioned is different from the email address the user uses to log in to Atlassian.
Cause
This can happen for either of the following reasons:
- Another user is logged into their Identity Provider (IdP) account and has an active session.
- The user has a different email address in their Identity Provider account from the email address in their Atlassian account.
If there is an active login session with their Identity Provider, then the user is automatically logged in to Atlassian with that logged-in account. But if the email address doesn't match, then the account may not have appropriate permissions and can get blocked. Two points to note here:
- Logging out of the Atlassian account doesn't log you out of your Identity Provider's account. There's an open suggestion regarding this - ACCESS-592 - Logging out of Atlassian account does not log out of SAML provider.
- In the same way, logging out of the Identity Provider's account doesn't log out from an Atlassian account. There's an open suggestion regarding this - ACCESS-702 - Logging out from the SAML provider doesn't log out from the Atlassian account.
Solution
For the first cause, make sure the other user is logged out of their Identity Provider account.
For the second cause, change the user's email address (either in their Atlassian account, or their Identity Provider account) so that both email addresses match.
You may need to contact Atlassian support for further clarification or if the above causes don't apply in your case. You can do this by raising a support issue if you are an Atlassian Site Admin.