I have created a workaround - For JSM

• Turned off Customer Notification schema

• Created my own automation with e-mail and included the following link:

https://id.atlassian.com/login?email=EMAIL&application=jira&continue=https%3A%2F%2FSUBDOMAIN.atlassian.net%2Fservicedesk%2Fcustomer%2Fportal%2F8%2FJSMPROJECTKEY-ISSUEKEY

EMAIL: Always customer

SUBDOMAIN: Your client (subdomain.atlassian.net)

PROJECTKEY-Issuekey: XYZ-123

Only tested with SSO + M365

Anyone who now logs on to the link in Outlook will be forwarded/redirected to log on accordingly. If your e-mail is not in the link because you were not the recipient, then you log in with your logged-in user from the Outlook session.

Now Atlassian:

Tell me why, you guys don't already do this under the subdomain always/automatically?

Whether there is already an SSO/M365 session!

• My IT security had no concerns
• For our spam filter to be on the safe side: Enter the URL in the whitelist (https://id.atlassian.com/login?email=*)

EDIT:

workaround only works automatically if the customer is not logged in. The second time you call it up, you have to log in once with a pre-filled recipient address.

Edit #2

URL With Smart Value

https://id.atlassian.com/login?email=\issue.reporter.emailAddress&application=jira&continue=https://SUBDOMAIN.atlassian.net/servicedesk/customer/portal/8/{

}

Not just the need to log in. How about following a link (in an email or chat message) and getting a browser page with "this page doesn't exist" or a "you don't have permission to see this page"?

Which message you get depends on whether the sender copied it out of the URL bar or got it from the "share" (and there is a third one I can't recall ATM). If a user doesn't have permission because they aren't logged in, at least offer the link right there and suggest that they log in first! If the user is savvy enough to click the non-obvious login icon and enter their email address (three times!), they usually are not sent back to the original page they wanted to see. They have to go back and re-click the email/chat link!

Wiki use has dropped precipitously since we moved off-prem to the cloud because folks just give up for any one of the obstacles put in the way.

What is the latest ETA for this enhancement?

The requirement to log in every day (even with using SSO) is the number one complaint at my company, so anything will help.

Hi Holly makris,

thank you and your colleagues for investigating this issue.

one of my life phrases is: humans have not the time to do it right, but always the time to do it twice. 

so maybe think about it to invest time and resources for a remember me button nobody wants and the „we let it open to investigate it further“ situation. I would be a fan of do it the right way, and not twice. Especially when the „actual solution“ is not the best idea for us customers. 

best regards,

dominic

Thank you all for your continued comments on this feature request. It will remain open after the launch of "Remember me" and we will continue to explore how we can address your feedback.

As a reminder, the Identity team will be adding a “remember” option to the log in screen that will allow users to avoid having to re-enter their email in future visits.

The Identity team is working to get this feature out as soon as possible, we will post here as soon as the "Remember me" option is available. 

I'm afraid I'm going to have to pile on here and say that, while I understand the challenges when it comes to SP-initiated logins and SAML, the implementation here is sub-par compared to other SaaS software. Absent any other info, asking for an email address is common practice for these kinds of SAML implementations, as the SP doesn't actually know where to send the authentication request to unless it can map the user to a tenant. However, if our users are clicking an Atlassian site link for https://myorg.atlassian.net, which should be globally unique, the SP should be receiving a referral with that information and redirecting automatically to the configured IdP for the myorg tenant.

I think implementation of a "Remember" button should be seen as nothing more than a stop gap while a permanent solution is implemented. This proposed solution isn't addressing the desired functionality and, depending on how it's implemented, can be hindered by other org policies on user endpoints.

Nothing I'm adding here hasn't been said on this request already, and the fact this request has been opened for over 6 years doesn't give one much hope that Atlassian understands how to resolve or has the desire to resolve. Have to say, having recently migrated from on-prem Atlassian to cloud, it's been very hard to argue to the executive team and CEO why this is a step forward.

Hi,

I understand that you will release a new "remember" option on the login page by the end of November.

However, I do not see this feature as a solution to the actual problem. The root cause is still the login page itself - it should not appear during the login process when SSO is enabled, as it is counterintuitive.

Could you provide a timeframe for a solution that eliminates the login page entirely when SSO is enabled?

Atlassian should know the IdP to forward the auth request to based on the custom subdomain.

Thank you Holly for that good news.

I see in the discussions that the topic is not clear for all:

• Atlassian has to know the email address of the user before login can happen, as they select the SSO provider (from the users company or google or microsoft) based on the domain of the email address.
  After the user has entered this, they are forwarded to SSO. On our system, user has now to enter their company userid.
  Basically, that makes sense - but when I am not logged in but I return, it would be great if the system remembers my email address, so I only have to press Enter.
• For SSO, an ORG admin can defined how long a session is valid, e.g. 12h, so on the next morning the users have to confirm their login. Here, the user is not logged out - but they still have to re-enter their email address. This is not necessary.

The complexity Atlassian has seems to me they have to set a cookie

• when I logout to remember who I was last time, so they can pre-fill the email field
• when I am logged in so they know who I am and can directly forward me to to my SSO without asking. If I want another user, I can always logout and enter a new email address.

Please do not confuse this with a new feature which is announced for Oct 2024: Atlassian enables ORG admins to define the SSO which ALL users of an ORG have to use - by this, the SSO is no longer derived from the user's email address, but it uses the SSO defined in the ORG. This makes the 2FA email sending process unnecessary - as long as all users of the ORG are known in the SSO, so you cannot invite other users any more.

Hello Holly Makris,

we need a solution for this. There are many other web applications out there without this problem when I link it to a SSO provider. The Atlassian web apps want to check first the email and then goes into the authentication process. The only thing your customers want is that you look into it and short this process like million other web applications developers does in the past. This can’t be complex. 

Best regars