-
Suggestion
-
Resolution: Unresolved
-
7
-
At this moment, when Managed Users are provisioned via SCIM from an Identity Provider, the Public Name field remains unlocked.
Steps to Reproduce
- Sync a user registered in one of the verified domains from an Identity Provider.
- As the user, log in at https://id.atlassian.com/manage-profile/profile-and-visibility
Expected Results
The Public Name field should be locked so end-users shouldn't be able to change it.
Actual Results
The end user is capable of changing the Public Name freely:
Workaround
As mentioned in ACCESS-1229, the SCIM API accepts the 'nickName' attribute, which will update the end-user Public Name when synced from the Identity Provider.
It's also possible to change the Public Name of a synced user by using the following API endpoint:
Those workarounds can help the Org Admin adjust the public names when it has been modified, but won't prevent the end-user from changing it back. It might be necessary to contact the end-user to ask them to avoid making any further changes, if necessary.
[ACCESS-1843] Lock the "Public name" when users are provisioned via SCIM
| Support reference count | Original: 6 | New: 7 |
| Support reference count | Original: 5 | New: 6 |
| Support reference count | Original: 4 | New: 5 |
| Support reference count | Original: 3 | New: 4 |
| Labels | New: guard-s8 |
| Support reference count | Original: 2 | New: 3 |
| Support reference count | Original: 1 | New: 2 |
| Support reference count | New: 1 |
| Description |
Original:
At this moment, when [Managed Users|https://support.atlassian.com/user-management/docs/what-are-managed-accounts/] are provisioned via SCIM from an Identity Provider, the *Public Name* field remains unlocked.
h3. Steps to Reproduce # Sync a user registered in one of the verified domains from an Identity Provider. # As the user, log in at [https://id.atlassian.com/manage-profile/profile-and-visibility] h3. Expected Results The *Public Name* field should be locked so end-users shouldn't be able to change it. h3. Actual Results The end user is capable of changing the *Public Name* freely: !image-2024-06-04-11-39-18-792.png|width=429,height=252! h3. Workaround As mentioned in It's also possible to change the Public Name of a synced user by using the following API endpoint: * [User management REST API - Update profile|https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-profile/#api-users-account-id-manage-profile-patch] Those workarounds can help the Org Admin adjust the public names when they are modified, but won't prevent the end-user from changing it back. It might be necessary to contact the end-user to ask them to avoid making any further changes, if necessary. |
New:
At this moment, when [Managed Users|https://support.atlassian.com/user-management/docs/what-are-managed-accounts/] are provisioned via SCIM from an Identity Provider, the *Public Name* field remains unlocked.
h3. Steps to Reproduce # Sync a user registered in one of the verified domains from an Identity Provider. # As the user, log in at [https://id.atlassian.com/manage-profile/profile-and-visibility] h3. Expected Results The *Public Name* field should be locked so end-users shouldn't be able to change it. h3. Actual Results The end user is capable of changing the *Public Name* freely: !image-2024-06-04-11-39-18-792.png|width=429,height=252! h3. Workaround As mentioned in It's also possible to change the Public Name of a synced user by using the following API endpoint: * [User management REST API - Update profile|https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-profile/#api-users-account-id-manage-profile-patch] Those workarounds can help the Org Admin adjust the public names when it has been modified, but won't prevent the end-user from changing it back. It might be necessary to contact the end-user to ask them to avoid making any further changes, if necessary. |
| Description |
Original:
At this moment, when [Managed Users|https://support.atlassian.com/user-management/docs/what-are-managed-accounts/] are provisioned via SCIM from an Identity Provider, the *Public Name* field remains unlocked.
h3. Steps to Reproduce # Sync a user registered in one of the verified domains from an Identity Provider. # As the user, log in at [https://id.atlassian.com/manage-profile/profile-and-visibility] h3. Expected Results The *Public Name* field should be locked so end-users shouldn't be able to change it. h3. Actual Results The end user is capable of changing the *Public Name* freely: !image-2024-06-04-11-39-18-792.png|width=429,height=252! h3. Workaround As mentioned in It's also possible to change the Public Name of a synced user by using the following API endpoint: * [User management REST API - Update profile|https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-profile/#api-users-account-id-manage-profile-patch] |
New:
At this moment, when [Managed Users|https://support.atlassian.com/user-management/docs/what-are-managed-accounts/] are provisioned via SCIM from an Identity Provider, the *Public Name* field remains unlocked.
h3. Steps to Reproduce # Sync a user registered in one of the verified domains from an Identity Provider. # As the user, log in at [https://id.atlassian.com/manage-profile/profile-and-visibility] h3. Expected Results The *Public Name* field should be locked so end-users shouldn't be able to change it. h3. Actual Results The end user is capable of changing the *Public Name* freely: !image-2024-06-04-11-39-18-792.png|width=429,height=252! h3. Workaround As mentioned in It's also possible to change the Public Name of a synced user by using the following API endpoint: * [User management REST API - Update profile|https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-profile/#api-users-account-id-manage-profile-patch] Those workarounds can help the Org Admin adjust the public names when they are modified, but won't prevent the end-user from changing it back. It might be necessary to contact the end-user to ask them to avoid making any further changes, if necessary. |