Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-1176

Provide a way for users removed from the provisioning scope to remain active

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem:

      When a SCIM synced user is removed from a provisioned group in IdP, the user immediately gets deactivated. This happens when the user's Atlassian cloud app assignment in the IdP is intact due to its membership in a single group. So the removal of user from this IdP group breaks the Atlassian application assignment for the user and the corresponding Atlassian account is de-activated.

      Suggestion:

      There are cases when the users have access to multiple cloud instances some via the IdP group product access and others via accepting invitation from the site admin. The accounts need to remain active even if they have been removed from the Idp groups. So in such cases, requesting for an alternative to prevent the user's getting de-activated when their group membership is removed.

      ie. Provide a way for admins to remove delete the SCIM data (synced status) of an account via the UI.

            [ACCESS-1176] Provide a way for users removed from the provisioning scope to remain active

            Kat N made changes -
            Resolution New: Duplicate [ 3 ]
            Status Original: Gathering Interest [ 11772 ] New: Closed [ 6 ]
            Kat N made changes -
            Link New: This issue relates to ACCESS-1021 [ ACCESS-1021 ]
            Roman P made changes -
            Link New: This issue duplicates ACCESS-1021 [ ACCESS-1021 ]
            Ramon M made changes -
            Summary Original: Alternative for users getting deactivated when their group membership in Identity Provider is revoked. New: Provide a way for users removed from the provisioning scope to remain active
            Ramon M made changes -
            Description Original: *Problem:*

            When a SCIM synced user is removed from a provisioned group in IdP, the user immediately gets deactivated. This happens when the user's Atlassian cloud app assignment in the IdP is intact due to its membership in a single group. So the removal of user from this IdP group breaks the Atlassian application assignment for the user and the corresponding Atlassian account is de-activated.

            *Suggestion:*

            There are cases when the users have access to multiple cloud instances some via the IdP group product access and others via accepting invitation from the site admin. So in such cases, requesting for an alternative to prevent the user's getting de-activated when their group membership is removed.

            		New: *Problem:*

            When a SCIM synced user is removed from a provisioned group in IdP, the user immediately gets deactivated. This happens when the user's Atlassian cloud app assignment in the IdP is intact due to its membership in a single group. So the removal of user from this IdP group breaks the Atlassian application assignment for the user and the corresponding Atlassian account is de-activated.

            *Suggestion:*

            There are cases when the users have access to multiple cloud instances some via the IdP group product access and others via accepting invitation from the site admin. The accounts need to remain active even if they have been removed from the Idp groups. So in such cases, requesting for an alternative to prevent the user's getting de-activated when their group membership is removed.

            ie. Provide a way for admins to remove delete the SCIM data (synced status) of an account via the UI.
            npv (Inactive) made changes -
            Description Original: There is no ability to display a list of users managed externally via Atlassian Access against those managed otherwise (i.e. SCIM-managed vs Managed Accounts vs non-managed).

            The workaround to *Export accounts* in the *Managed accounts* screen as a CSV and going through the list of users is not ideal and time-consuming.

            Please provide an option to display differently managed users.             		New: *Problem:*

            When a SCIM synced user is removed from a provisioned group in IdP, the user immediately gets deactivated. This happens when the user's Atlassian cloud app assignment in the IdP is intact due to its membership in a single group. So the removal of user from this IdP group breaks the Atlassian application assignment for the user and the corresponding Atlassian account is de-activated.

            *Suggestion:*

            There are cases when the users have access to multiple cloud instances some via the IdP group product access and others via accepting invitation from the site admin. So in such cases, requesting for an alternative to prevent the user's getting de-activated when their group membership is removed.

            npv (Inactive) made changes -
            Component/s Original: IdP SSO - Google Cloud (G Suite) [ 53304 ]
            Component/s New: User Sync - SCIM Maintenance [ 66413 ]
            Component/s New: IdP SSO - Account de / activation [ 64196 ]
            npv (Inactive) made changes -
            Reporter Original: KP [ kpillai ] New: npv [ 07b65cdcf5f4 ]
            npv (Inactive) made changes -
            Link New: This issue is cloned from ACCESS-829 [ ACCESS-829 ]
            npv (Inactive) created issue -

              Unassigned Unassigned
              07b65cdcf5f4 npv (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: