Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-572

Allow multiple Identity Provider(IdP) configurations for a single org and domain

    • 394
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem

      Currently, Atlassian Access applies a single configuration to an Identity Provider(IdP) for an organization, which applies to all Atlassian accounts on any of that organization's verified domains. This poses a problem for organizations that are using multiple IdPs for users that share the same email domain or if an organization needs multiple SSO/provisioning configurations to support their use cases.

      Solution

      Provide a way for organizations to apply multiple SSO via SAML and/or provisioning(SCIM) configurations to different users on the same domain.

      Atlassian Update – 19th September 2022

      Hi everyone,

      This feature is now shipped in the Atlassian Cloud Enterprise Plan The documentation for this feature can be found here: https://support.atlassian.com/provisioning-users/docs/add-identity-providers-to-connect-users/

      We made the decision to not bundle security-related features in Standard and Premium product editions. This means customers on either standard or premium can purchase Access if they require our standard security features like SSO and Audit Logging.

      Anything that fits into the more Advance category of security features like Multiple Identity Providers will be packaged in our Enterprise edition as we believe this edition is the best fit for those customers.

      I know this is not ideal to hear for some customers, but the decision was not made lightly. 

      Ben Magro
      Product Manager, Cloud Security

            [ACCESS-572] Allow multiple Identity Provider(IdP) configurations for a single org and domain

            Jitender Singh added a comment - https://getsupport.atlassian.com/browse/MOVE-131265
            Ramon M made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 775801 ]
            Tatsuya Uekusa made changes -
            Link New: This issue relates to ACCESS-1526 [ ACCESS-1526 ]

            Please make this available on premium also...

            Kind regards,

            Dirk

            Dirk De Mal added a comment - Please make this available on premium also... Kind regards, Dirk
            cmac made changes -
            Link New: This issue duplicates CLOUD-10619 [ CLOUD-10619 ]
            Sascha Wiswedel made changes -
            Remote Link Original: This issue links to "Page (Confluence)" [ 640811 ]

            we are 500 people organisation using multiple google domains, goingwith enterprise means we will paying for 800 people - doubling the cost

            Erdal Kaplan added a comment - we are 500 people organisation using multiple google domains, goingwith enterprise means we will paying for 800 people - doubling the cost
            Jimmy Van made changes -
            Remote Link Original: This issue links to "Page (Confluence)" [ 595503 ]

            nigelss added a comment -

            Seems it is not possible to have a test environment (due to verified domains), nor to switch SSO from one IDP to another without an Enterprise plan. :sadface:

            nigelss added a comment - Seems it is not possible to have a test environment (due to verified domains), nor to switch SSO from one IDP to another without an Enterprise plan. :sadface:

            WPG added a comment -

            If I have three different site URLs, And we create three different Azure AD Enterprise Applications. Can we then have three different managed accounts directories so that we can keep each managed user account in Directory A, B or C  and prevent all users from being synced to all sites?

             

             

            WPG added a comment - If I have three different site URLs, And we create three different Azure AD Enterprise Applications. Can we then have three different managed accounts directories so that we can keep each managed user account in Directory A, B or C  and prevent all users from being synced to all sites?    

              bmagro Ben Magro (Inactive)
              dmeyer Dave Meyer
              Votes:
              284 Vote for this issue
              Watchers:
              270 Start watching this issue

                Created:
                Updated:
                Resolved: