  1. Atlassian Guard
  2. ACCESS-1578

SAML SSO email changes don't appear on organization Audit Logs


      Problem Definition

      Email changes initiated by SAML JIT are not recorded in organizations' Audit Logs, making it difficult for administrators to track these modifications accurately.

      Steps to Reproduce

      1. As an admin, change a managed account's email on your Identity Provider
      2. The same SAML SSO-enforced user authenticates to Atlassian cloud using their old email
      3. SAML JIT updates the Atlassian account with the new email
      4. An Org Admin visits admin.atlassian.com, navigates to Security > Audit log, and checks the user history by email or Atlassian account ID

      The Audit Logs will not display any event to indicate the authentication that triggered the email change or the email change itself. This information is only available to Atlassian support.

      Suggested Solution

      Record log events that include the email change, its source, and the SAML SSO authentication that initiated the change. 

      Why this is important

      This ensures that administrators have a comprehensive view of their environment and any changes made by their Identity Providers.

      Workaround

      If you need to audit such events, contact Atlassian support and provide a list of users by email for them to retrieve the information.

              Assignee: Unassigned
              Reporter: Fernando S
              Votes: 6
              Watchers: 7