Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-2173

Don't deactivate users when changing sync scope for Google Workspace

XMLWordPrintable

    • 1

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem

      When user's change their Google Workspace sync setting from "Sync all users" to "Sync users only in specific groups", any users that are out-of-scope become deactivated and unsynced.

      Some admins want to just unsync users, and not deactivate them.

      Suggested Solution

      Allow admins to choose between deactivating to-be-unsynced users or just unsyncing them without deactivating them.

      Workaround

      1. Disconnect Google Workspace. This will require temporarily turning off required SSO logins in your authentication policies. The impacts of this are:

      • Users stop syncing from Google Workspace
      • Previously synced users keep product access
      • Users can log in any way they want to. You’re unable to require them to log in with Google.
      • Users from Google Workspace domains don't appear in your managed accounts.
      • Users may notice a message about no longer being managed by your organization in their Atlassian Notifications, but no emails are sent out.

      2. Re-connect Google Workspace and choose the "Sync all users only in specific groups" option.
      3. Be sure to re-enforce SAML SSO login via your authentication policies, if necessary.

      Users that become out of scope will be removed from the catch-all sync group, but they won't be deactivated.

              Unassigned Unassigned
              tbrothers Tyler B [Atlassian]
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: