It's really frustrating that a user needs to contact us once they are part of the Okta group, so we have to move them from one policy to the other. We currently changed our default policy related to our domain, so we can ensure that the Trello Free users will be assigned to a policy where 2FA is mandatory. This helps us to ensure secure login for something we can't control the registration process of.
Based on the logs, Atlassian receives a log entry that the user is part of the IDP, and I assume this can be used as a trigger for the user to be automatically moved to the IDP-linked authentication policy.
Happy to share any further details on our use case (if needed).
Magdalena Zhisheva
Somehow, not only do we have 2 default policies (we only had one before Atlassian Guard activation), but when a user registers using the IDP (the original default policy), they are now all put in the local directory (a new additional default policy we didn't set). I mean, at least if they went into the default policy we defined, it would be OK, but now I have a bunch of users in the wrong policy, and all new users are going to the wrong policy.