Issue Summary
Missing log events:
- IDP synced user removed from the group at IDP deactivates the account. The user's group removal is logged in the audit log but the user's deactivation event is not logged.
- When a Managed account gets deactivated due to Atlassian's "Export Control - Compliance Policy", the user gets the following notification:
Dear Atlassian user, U.S. law prohibits Atlassian, an Australian corporation with offices in the United States, from providing you with access to our products and services. After analyzing the applicable lists of restricted parties maintained by the U.S. Government, we were unable to confirm that your name was not affiliated with a restricted party. If this is a case of misidentification, please reply with two different copies of official documentation to verify your identity. Official documentation includes, but is not limited to, a government-issued drivers license or identification card, passport, utility bill, mortgage or bank statement, etc. Please make sure your full name and address are clearly visible. We look forward to your reply. Sincerely, Atlassian
However, this data is not recorded in the Org Audit logs so it becomes difficult for the Org Admins to understand why the Account was disabled.
Steps to Reproduce
- Remove an IDP synced user from all IDP synced groups, this will deactivate the user
- deactivated account event is not logged in audit logs through the user's group membership removal is logged.
- is duplicated by
-
ACCESS-1195 Events not captured in Audit logs - user changes and IDP user removal
-
- Closed
-
-
ACCESS-863 Add details to audit log about changes of user's profile via Organisation UI
- Closed
-
- Closed
- is related to
-
- Closed
-
- Gathering Interest
- was cloned as
-
- Gathering Interest
(1 was cloned as)
[ACCESS-1129] Add audit log when IDP synced user is removed from group in idp
| Labels | New: guard-s7 |
| Support reference count | Original: 7 | New: 8 |
| Support reference count | Original: 6 | New: 7 |
| Support reference count | Original: 5 | New: 6 |
| Summary | Original: Add user profile and account changes to org audit log - when changes are made to a Managed user | New: Add audit log when IDP synced user is removed from group in idp |
| Description |
Original:
h3. Issue Summary
Missing log events: # When an org admin makes changes to a user profile via the Organization UI: * ** Full name ** Email address ** Job title change ** Department ** Based in ** Profile picture ** Timezone # IDP synced user removed from the group at IDP deactivates the account. The user's group removal is logged in the audit log but the user's deactivation event is not logged. # When a Managed account gets deactivated due to Atlassian's "Export Control - Compliance Policy", the user gets the following notification: {noformat} Dear Atlassian user, U.S. law prohibits Atlassian, an Australian corporation with offices in the United States, from providing you with access to our products and services. After analyzing the applicable lists of restricted parties maintained by the U.S. Government, we were unable to confirm that your name was not affiliated with a restricted party. If this is a case of misidentification, please reply with two different copies of official documentation to verify your identity. Official documentation includes, but is not limited to, a government-issued drivers license or identification card, passport, utility bill, mortgage or bank statement, etc. Please make sure your full name and address are clearly visible. We look forward to your reply. Sincerely, Atlassian {noformat} However, this data is not recorded in the Org Audit logs so it becomes difficult for the Org Admins to understand why the Account was disabled. h3. Steps to Reproduce # Navigate to your Org > Directory > Managed accounts; update the email address/full name/etc. on the account # For scenario 2: remove an IDP synced user from all IDP synced groups, this will deactivate the user, deactivated account event is not logged in audit logs through the user's group membership removal is logged. |
New:
h3. Issue Summary
Missing log events: # IDP synced user removed from the group at IDP deactivates the account. The user's group removal is logged in the audit log but the user's deactivation event is not logged. # When a Managed account gets deactivated due to Atlassian's "Export Control - Compliance Policy", the user gets the following notification: {noformat} Dear Atlassian user, U.S. law prohibits Atlassian, an Australian corporation with offices in the United States, from providing you with access to our products and services. After analyzing the applicable lists of restricted parties maintained by the U.S. Government, we were unable to confirm that your name was not affiliated with a restricted party. If this is a case of misidentification, please reply with two different copies of official documentation to verify your identity. Official documentation includes, but is not limited to, a government-issued drivers license or identification card, passport, utility bill, mortgage or bank statement, etc. Please make sure your full name and address are clearly visible. We look forward to your reply. Sincerely, Atlassian {noformat} However, this data is not recorded in the Org Audit logs so it becomes difficult for the Org Admins to understand why the Account was disabled. h3. Steps to Reproduce # Remove an IDP synced user from all IDP synced groups, this will deactivate the user # deactivated account event is not logged in audit logs through the user's group membership removal is logged. |
| Link | New: This issue was cloned as ACCESS-1479 [ ACCESS-1479 ] |
| Summary | Original: Add user profile and account changes to org audit log | New: Add user profile and account changes to org audit log - when changes are made to a Managed user |
| Support reference count | Original: 4 | New: 5 |
| Link | New: This issue is related to JRACLOUD-79984 [ JRACLOUD-79984 ] |