Suggestion
Resolution: Unresolved
Problem Definition
Email changes initiated by SAML JIT are not recorded in organizations' Audit Logs, making it difficult for administrators to track these modifications accurately.
Steps to Reproduce
- As an admin, change a managed account's email on your Identity Provider
- The same SAML SSO-enforced user authenticates to Atlassian cloud using their old email
- SAML JIT updates the Atlassian account with the new email
- An Org Admin visits admin.atlassian.com, navigates to Security > Audit log, and checks the user history by email or Atlassian account ID
The Audit Logs will not display any event to indicate the authentication that triggered the email change or the email change itself. This information is only available to Atlassian support.
Suggested Solution
Record log events that include the email change, its source, and the SAML SSO authentication that initiated the change.
Why this is important
This ensures that administrators have a comprehensive view of their environment and any changes made by their Identity Providers.
Workaround
If you need to audit such events, contact Atlassian support and provide a list of users by email for them to retrieve the information.