-
Suggestion
-
Resolution: Fixed
-
None
-
394
-
Problem
Currently, Atlassian Access applies a single configuration to an Identity Provider(IdP) for an organization, which applies to all Atlassian accounts on any of that organization's verified domains. This poses a problem for organizations that are using multiple IdPs for users that share the same email domain or if an organization needs multiple SSO/provisioning configurations to support their use cases.
Solution
Provide a way for organizations to apply multiple SSO via SAML and/or provisioning(SCIM) configurations to different users on the same domain.
Hi everyone,
This feature is now shipped in the Atlassian Cloud Enterprise Plan The documentation for this feature can be found here: https://support.atlassian.com/provisioning-users/docs/add-identity-providers-to-connect-users/
We made the decision to not bundle security-related features in Standard and Premium product editions. This means customers on either standard or premium can purchase Access if they require our standard security features like SSO and Audit Logging.
Anything that fits into the more Advance category of security features like Multiple Identity Providers will be packaged in our Enterprise edition as we believe this edition is the best fit for those customers.
I know this is not ideal to hear for some customers, but the decision was not made lightly.
Ben Magro
Product Manager, Cloud Security
- duplicates
-
- Closed
- is duplicated by
-
- Closed
- is related to
-
- Closed
-
- Closed
- relates to
-
- In Progress
-
- Closed
- supersedes
-
- Closed
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
[ACCESS-572] Allow multiple Identity Provider(IdP) configurations for a single org and domain
we are 500 people organisation using multiple google domains, goingwith enterprise means we will paying for 800 people - doubling the cost
Seems it is not possible to have a test environment (due to verified domains), nor to switch SSO from one IDP to another without an Enterprise plan. :sadface:
If I have three different site URLs, And we create three different Azure AD Enterprise Applications. Can we then have three different managed accounts directories so that we can keep each managed user account in Directory A, B or C and prevent all users from being synced to all sites?
f9b72c0781f5 Done
339060e7e1cf No plans. Further details have been added is the details field.
Hi Ben Magro,
Would it be possible for you to update something around the issue fields, so users don't need to scroll through comments to understand that this is now only for Enterprise plans?
I guess there will be some documentation as well, so as soon as that's ready, a link to it would also be great.
Thanks.
Enterprise Plan for which product?
Referring to my specific requirement - the ability for Trello users to access the app on their phones, which do not support SAML SSO (mobiles are personal and thus unmanaged).
This is now available to all customers in the Enterprise Plan.
https://getsupport.atlassian.com/browse/MOVE-131265