Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-1497

Allow the Atlassian Account email address to be mapped to an attribute via Azure AD sync

XMLWordPrintable

    • 12

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      At the moment, the Azure AD sync will use the Azure AD email address and the UPN as fallback for the synced Atlassian Account email address.

      SAML-SSO attribute setting in Azure AD allows to map the email address (unique user identifier) to certain attributes in Azure AD. User provisioning via SCIM also allows this.

      This can lead to duplicate accounts if the SAML-SSO attribute mapped is not the primary email as used by Azure AD sync.

      Suggestion
      To match Azure AD sync with SAML SSO and avoid duplicate accounts, allow the Atlassian Account email address to be mapped to an Azure AD attribute via Azure AD sync

            [ACCESS-1497] Allow the Atlassian Account email address to be mapped to an attribute via Azure AD sync

            SET Analytics Bot made changes -
            Support reference count Original: 11 New: 12
            Neel Gandhi made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 1030727 ]
            SET Analytics Bot made changes -
            Support reference count Original: 10 New: 11

            Brandon Garner added a comment -

            You can either sync using "User Principal Name" or "Email".  The feature is live, and switching from Email to UPN is seamless unless there is an Atlassian account already tied to the UPN in addition to an account tied to the Email.  In that case, one must change the email address used in the account tied to the UPN (to something not tied to an Atlassian account) and then perform a directory sync again...at which point the account that was previously tied to the UPN can be deleted.

             

            In short...yes, it is live now and working great.  Here's a link to the documentation:  https://support.atlassian.com/provisioning-users/docs/set-up-sync-settings/

            Brandon Garner added a comment - You can either sync using "User Principal Name" or "Email".  The feature is live, and switching from Email to UPN is seamless unless there is an Atlassian account already tied to the UPN in addition to an account tied to the Email.  In that case, one must change the email address used in the account tied to the UPN (to something not tied to an Atlassian account) and then perform a directory sync again...at which point the account that was previously tied to the UPN can be deleted.   In short...yes, it is live now and working great.  Here's a link to the documentation:   https://support.atlassian.com/provisioning-users/docs/set-up-sync-settings/

            Cristian Iorio added a comment -

            Hello Team,

            is this feature live now?

            Cristian Iorio added a comment - Hello Team, is this feature live now?
            SET Analytics Bot made changes -
            Support reference count Original: 9 New: 10
            SET Analytics Bot made changes -
            Support reference count Original: 8 New: 9
            Nancy Lopez made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 987166 ]
            SET Analytics Bot made changes -
            Support reference count Original: 7 New: 8
            SET Analytics Bot made changes -
            Support reference count Original: 6 New: 7

              d056dd6d7b90 Holly Makris (Inactive)
              rmacalinao Ramon M
              Votes:
              28 Vote for this issue
              Watchers:
              26 Start watching this issue

                Created:
                Updated: