Atlassian Single Sign On (SSO) flow fails with the following error:

Hmm... we're having trouble logging you in. Please try again with a different authentication method.

 

The following error is visible on the Atlassian URL:   

authentication-policy-strategy-mismatch

Example URL: https:///<domain>.atlassian.com/login/callback?error=unauthorized&error_description=authentication-policy-strategy-mismatch%%%%%%%%%%
 

• Single Sign-On (SSO)
• Secure Assertion Markup Language (SAML)
• Atlassian
• error: access_denied

When Use SAML single sign-on is selected, Atlassian redirects users from the authentication policy to the Security Assertion Markup Language (SAML) SSO configuration page. Once SAML SSO is configured, admins must also enforce SSO in the policy.

To enforce single sign-on:

1. Go to admin.atlassian.com. Select the org if there is more than one.
2. Select Security > Authentication policies.
3. Select Edit for the policy desired to be enforced.
4. Select Enforce single sign-on.

If the same error message appears after enforcing a single sign-on in the policy, please open a support case with Atlassian support. They can assist in resolving the authentication-policy-strategy-mismatch error.
Once the issue is resolved, the user can sign in with SSO to Atlassian.

Related References

• Configure and enforce SAML single sign-on with authentication policies
• Understand authentication policies
• How to Configure SAML 2.0 for Atlassian Cloud