Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-1767

Provisioning users with certain application access does not add them to the default access groups for that application

XMLWordPrintable

      Issue Summary

      Provisioning users with certain application access does not add them to the default access groups for that application

      Steps to Reproduce

      1. Provision a user from an external IDP. The user is part of a provisioned group that grants access to a certain application

      Expected Results

      If the user is granted access to that application (via the group membership), then the user should also be added to the default application access group for that application (jira-users or confluence-users by default)

      Actual Results

      The user is only part of the provisioned group, hence having access to the application, but not to the bits that are protected by additional permissions granted to the default access groups

      Workaround

      Manually adding each user to the default application access group

            [ACCESS-1767] Provisioning users with certain application access does not add them to the default access groups for that application

            Kieren _SmolSoftware_ added a comment -

            It's disappointing that this ticket has been closed. We've released an app to fix this issue, Admin Automation, and to solve other challenging and time consuming admin tasks. The app will sync users from any groups (e.g. a group from an IdP) into the default product access groups.

            Hopefully it can help some of the people on this thread!

            -Kieren
            Co-Founder @ Smol Software | Ex-Atlassian

            Kieren _SmolSoftware_ added a comment - It's disappointing that this ticket has been closed. We've released an app to fix this issue, Admin Automation , and to solve other challenging and time consuming admin tasks. The app will sync users from any groups (e.g. a group from an IdP) into the default product access groups. Hopefully it can help some of the people on this thread! -Kieren Co-Founder @ Smol Software | Ex-Atlassian
            Kat N made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 895774 ]
            Ryan Van made changes -
            Resolution New: Not a bug [ 12 ]
            Status Original: Gathering Impact [ 12072 ] New: Closed [ 6 ]

            Ryan Van added a comment -

            Not a bug as this is intended usage for default groups

            Ryan Van added a comment - Not a bug as this is intended usage for default groups
            SET Analytics Bot made changes -
            Support reference count Original: 2 New: 3
            SET Analytics Bot made changes -
            Support reference count Original: 63 New: 2
            Del made changes -
            Component/s Original: Directory - Manage product access [ 48696 ]
            Component/s New: Group Sync [ 66416 ]
            Key Original: ID-7558 New: ACCESS-1767
            Project Original: Identity [ 16810 ] New: Atlassian Access [ 18910 ]
            SET Analytics Bot made changes -
            Support reference count Original: 62 New: 63

            Krishna Turlapati Venkata added a comment - - edited

            SCIM rep here

            This is expected behavior in SCIM's perspective/scope since SCIM does not modify default access groups. There must be a different flow for this.

            Krishna Turlapati Venkata added a comment - - edited SCIM rep here This is expected behavior in SCIM's perspective/scope since SCIM does not modify default access groups. There must be a different flow for this.
            Matthew Hunter made changes -
            Labels New: RIBS-SHORT

              dlaha Dip
              clionte Claudiu Lionte (Inactive)
              Affected customers:
              45 This affects my team
              Watchers:
              62 Start watching this issue

                Created:
                Updated:
                Resolved: