Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-2198

Email or in-product notification before SCIM API key expiry

    • 7
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      When a SCIM API key is going to expire, admins must view the API key expiration date in their provisioning settings.

      Admins are not able to receive notifications about their SCIM API key expiring in other ways, like via email or in-product banners.

      Suggested Solution

      Send email notifications and have in-product banners/warnings in prominent places that warn admins about their SCIM API key expiring soon (ex. at 30d, 14d, 7d and 1d before the expiry). The notifications should provide clear step-by-step instructions on how to prevent downtime when rotating keys, or provide a link to documentation that does so.

      Why this is important

      Admins rely on provisioning for critical lifecycle management of user profiles. Even a short downtime may lead to out-of-sync issues between users and group data in the identity provider and in Atlassian Cloud. For example, a user may retain access to a Jira instance despite being deactivated in the identity provider.

      Workaround

      Admins must manually track the expiration of their SCIM API keys. Admins can view when their SCIM API key expires by following the instructions here.

            [ACCESS-2198] Email or in-product notification before SCIM API key expiry

            SET Analytics Bot made changes -
            Support reference count Original: 6 New: 7
            Kat N made changes -
            Link New: This issue duplicates ACCESS-2194 [ ACCESS-2194 ]
            Kat N made changes -
            Link New: This issue is duplicated by ACCESS-2194 [ ACCESS-2194 ]
            Kat N made changes -
            Description Original: h3. User Problem
            We will start to add expiry to the SCIM API keys from April 28th onwards. As an organisation admin, we'd like to receive email notifications before the SCIM API keys expire.

            h3. Suggested Solutions
            Send emails to org admins 30d, 14d, 7d and 1d before the expiry.

            h3. Current Workarounds
            None
            New: h3. Problem Definition

            When a SCIM API key is going to expire, admins must [view the API key expiration date in their provisioning settings|https://support.atlassian.com/provisioning-users/docs/manage-scim-api-key-expiration/#View-API-key-expiration-for-SCIM].

            Admins are not able to receive notifications about their SCIM API key expiring in other ways, like via email or in-product banners.
            h3. Suggested Solution

            Send email notifications and have in-product banners/warnings in prominent places that warn admins about their SCIM API key expiring soon (ex. at 30d, 14d, 7d and 1d before the expiry). The notifications should provide clear step-by-step instructions on how to prevent downtime when rotating keys, or provide a link to documentation that does so.
            h3. Why this is important

            Admins rely on provisioning for critical lifecycle management of user profiles. Even a short downtime may lead to out-of-sync issues between users and group data in the identity provider and in Atlassian Cloud. For example, a user may retain access to a Jira instance despite being deactivated in the identity provider.
            h3. Workaround

            Admins must manually track the expiration of their SCIM API keys. Admins can view when their SCIM API key expires by following the instructions [here|https://support.atlassian.com/provisioning-users/docs/manage-scim-api-key-expiration/#View-API-key-expiration-for-SCIM].
            Kat N made changes -
            Summary Original: Email notification before SCIM API key expiry New: Email or in-product notification before SCIM API key expiry
            SET Analytics Bot made changes -
            Support reference count Original: 5 New: 6
            SET Analytics Bot made changes -
            Support reference count Original: 4 New: 5
            SET Analytics Bot made changes -
            Support reference count Original: 3 New: 4
            SET Analytics Bot made changes -
            Support reference count Original: 2 New: 3
            SET Analytics Bot made changes -
            Support reference count Original: 1 New: 2

              Unassigned Unassigned
              a9811fcf7424 Kaz Nobutani
              Votes:
              8 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated: