Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-1314

Pre-fill email of Azure AD login screen when SAML SSO is enforced

XMLWordPrintable

    • 31

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      When a managed account has SAML SSO enforced, users can enter their email into the Atlassian login prompt and be sent to their identity provider. When users are sent to their configured Azure AD instance, they must re-enter their email on the Azure AD side as well.

      Suggested Solution

      When the user is redirected to their Azure AD login portal, pre-fill the email address that was entered in on the Atlassian side. Also, pre-fill the email address in the Atlassian login prompt.

      Why this is important

      This saves user's time. Currently, they must enter their email address twice.

      Workaround

      There is no workaround at the moment. Users must enter their email twice.

            [ACCESS-1314] Pre-fill email of Azure AD login screen when SAML SSO is enforced

            SET Analytics Bot made changes -
            Support reference count Original: 30 New: 31
            SET Analytics Bot made changes -
            Support reference count Original: 29 New: 30
            SET Analytics Bot made changes -
            Support reference count Original: 31 New: 29
            SET Analytics Bot made changes -
            Support reference count Original: 30 New: 31
            Leonardo H made changes -
            Labels Original: pl-rb New: guard-s8 pl-rb
            Holly Makris (Inactive) made changes -
            Assignee Original: Aneita [ ayang@atlassian.com ] New: Holly Makris [ d056dd6d7b90 ]

            Stefan Papakostopoulos added a comment -

            You shouldn't assume that on the Azure AD side all users sign-in using their email. Some may authenticate using UPN, which can differ from email. Atlassian would have no awareness of this UPN because it's not part of any SAML claims or SCIM provisioning attributes. If Atlassian pre-populated this value for those users, they would have to somehow back out of that sign-in flow and then enter their UPN before they could proceed. 

            The relevant Azure AD (Entra ID) feature is called Alternate ID. This feature is still in preview on the Microsoft side (as of August 1 2024), so I doubt Atlassian would hitch their wagon to it until it's GA. https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-use-email-signin 

            d056dd6d7b90 - fyi in case this is actually relevant to ACCESS-1609

            Stefan Papakostopoulos added a comment - You shouldn't assume that on the Azure AD side all users sign-in using their email. Some may authenticate using UPN, which can differ from email. Atlassian would have no awareness of this UPN because it's not part of any SAML claims or SCIM provisioning attributes. If Atlassian pre-populated this value for those users, they would have to somehow back out of that sign-in flow and then enter their UPN before they could proceed.  The relevant Azure AD (Entra ID) feature is called Alternate ID. This feature is still in preview on the Microsoft side (as of August 1 2024), so I doubt Atlassian would hitch their wagon to it until it's GA. https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-use-email-signin   d056dd6d7b90 - fyi in case this is actually relevant to ACCESS-1609 . 
            SET Analytics Bot made changes -
            Support reference count Original: 29 New: 30
            SET Analytics Bot made changes -
            Support reference count Original: 27 New: 29
            SET Analytics Bot made changes -
            Support reference count Original: 26 New: 27

              d056dd6d7b90 Holly Makris (Inactive)
              tbrothers Tyler B [Atlassian]
              Votes:
              49 Vote for this issue
              Watchers:
              37 Start watching this issue

                Created:
                Updated: