...
Because of an error parsing of attributes in the ID token with the new feature in 6.7.0, any non-username attributes like email and groups and other data are exempt from the data that is parsed in the login process, thereby breaking just-in-time user provisioning and group assignments since this data is lost along the way.
This will in some cases lead to a broken login, and users will not be able to log into the respective Atlassian system. So far it seems like this bug only affects installations that are running just-in-time user provisioning in their OIDC setup.
We are investigating whether this issue also affects SAML login.
Version 6.7.0. has been withdrawn from the marketplace. Please downgrade to the previous version (6.6.3), and await a patch to be released in version 6.7.1. If you have trouble downgrading or get errors in the manage apps section, please see this process on how to downgrade to a stable version: Reverting Kantega SSO Enterprise to a stable version
Downloads for previous stable version:
...