Microsoft Entra ID single sign-on button for Confluence is not showing on login page
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
After upgrading Confluence to (or installing) one of the Confluence versions listed below, the Microsoft Azure Active Directory single sign-on for Confluence app:
- Does not show the Login with Entra ID button on the login screen
- Does not auto-login to Entra ID when the Enable Force Azure Login configuration is enabled
Environment
- Confluence Server or Confluence Data Center integrated with Microsoft Azure Active Directory single sign-on for Confluence app v6.3.10
- Only the following Confluence versions are affected:
  - Confluence 8.5.5+
  - Confluence 8.7.2+
- Confluence 8.6.2 is not affected
- Confluence 7.19.19 is not affected
Expected Results
With the Microsoft Azure Active Directory single sign-on for Confluence app installed, the Confluence login page:
- Should show a Login with Entra ID button; or
- Should auto-login to Entra ID if Enable Force Azure Login is enabled in the Microsoft SSO app configuration
Actual Results
The Confluence login page does not show the Login with Entra ID button
Root cause
Microsoft Azure Active Directory single sign-on for Confluence app v6.3.10 is not compatible with the above affected Confluence versions as the default Confluence login.vm file has changed from previous versions.
The latest Confluence versions no longer have a DOM object on the Confluence login page called id="os_username-label". As a result, the Microsoft SSO app is unable to locate the os_username-label DOM object and fails to inject the HTML for the Login with Entra ID button.
Workaround for Confluence Data Center
Confluence Data Center is bundled with the SSO for Atlassian Server and Data Center App. Confluence Data Center instances should therefore uninstall the Microsoft Azure Active Directory single sign-on for Confluence app and migrate across to the native Confluence SAML Authenticator as described in How to integrate Confluence Data Center with Azure for SAML 2.0 SSO.
The high-level steps to migrate to the Confluence DC SAML SSO Authenticator:
- In Microsoft Entra » Enterprise Applications, edit the Confluence SAML SSO by Microsoft application
  - Update the Basic SAML Configuration section:
    - Remove any trailing slash from the Identifier (Entity ID) value
    - Update both the Reply URL and Sign on URL to point:
      - From <confluence-base-url>/plugins/servlet/saml/auth
      - To <confluence-base-url>/plugins/servlet/samlconsumer
- Navigate to Confluence Administration » General Configuration » Authentication Methods
  - Set up a new SAML SSO authenticator as detailed in How to integrate Confluence Data Center with Azure for SAML 2.0 SSO.
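The Basic SAML Configuration changes from the steps above can be planned and checked before they are entered in Entra. The following is an added example, not part of the original article or of any Atlassian or Microsoft tooling; the dictionary keys, function names and the wiki.example.com values are hypothetical.

```python
from urllib.parse import urlsplit, urlunsplit

# Endpoint paths as given in the migration steps above.
OLD_PATH = "/plugins/servlet/saml/auth"
NEW_PATH = "/plugins/servlet/samlconsumer"

# Constructed sample values; the dict keys are hypothetical names for the
# three Basic SAML Configuration fields, not an Entra or Confluence API.
SAMPLE_SETTINGS = {
    "identifier": "https://wiki.example.com/confluence/",
    "reply_url": "https://wiki.example.com/confluence/plugins/servlet/saml/auth",
    "sign_on_url": "https://wiki.example.com/confluence/plugins/servlet/saml/auth",
}


def migrate_endpoint(url):
    """Move a Reply URL or Sign on URL from OLD_PATH to NEW_PATH.

    Scheme, host, port and any context path (such as /confluence) are kept.
    A URL that already ends in NEW_PATH is kept (minus any trailing slash);
    any other path is rejected so a mistyped value is not carried over.
    """
    parts = urlsplit(url.strip())
    path = parts.path.rstrip("/")
    if path.endswith(OLD_PATH):
        path = path[: -len(OLD_PATH)] + NEW_PATH
    elif not path.endswith(NEW_PATH):
        raise ValueError(f"unexpected SAML endpoint path: {parts.path!r}")
    return urlunsplit((parts.scheme, parts.netloc, path, parts.query, parts.fragment))


def plan_migration(settings):
    """Return (updated_settings, changes) for the Basic SAML Configuration."""
    updated = dict(settings)
    # The Identifier (Entity ID) must not end with a slash.
    updated["identifier"] = settings["identifier"].strip().rstrip("/")
    for key in ("reply_url", "sign_on_url"):
        updated[key] = migrate_endpoint(settings[key])
    changes = [f"{key}: {settings[key]} -> {updated[key]}"
               for key in settings if settings[key] != updated[key]]
    return updated, changes


if __name__ == "__main__":
    new_settings, pending = plan_migration(SAMPLE_SETTINGS)
    for line in pending:
        print(line)
```

Running the plan a second time on its own output should report no changes, which confirms the values are in their final form.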
Temporary workaround for Confluence Server and Confluence Data Center
Resolution
- Revert the changes to login.vm in Confluence if the above workaround was applied to login.vm
- Update to the fixed Microsoft Azure Active Directory single sign-on for Confluence app v7.1.0 in Confluence Manage Apps (released by Microsoft)