Details
-
Bug
-
Resolution: Fixed
-
High
-
None
-
178
-
Description
Hi everyone,
The feature has now been fully rolled out. Our public-facing documentation has been updated to reflect these changes.
Also, note that we have kicked off scoping for a fast-follow functionality that would allow admins to delete accounts that have not yet been verified.
Best regards,
Ilya Bagrak
Principal Product Manager, Enterprise Cloud
ibagrak (at) atlassian.com
Hi everyone,
I am very excited to share that over the next few days we will begin to roll out a set of features to address this issue. The changes will allow admins to:
- see accounts with unverified emails on the Managed Accounts page
- filter for unverified accounts on the Managed Accounts page
- resend the verification email to any account that has not yet verified their email address.
Our public-facing documentation has been updated to reflect these changes ahead of the rollout.
Best regards,
Ilya Bagrak
Principal Product Manager, Enterprise Cloud
ibagrak (at) atlassian.com
Issue Summary
When a new email address is known to Atlassian either via account creation or email change, the email address needs to be verified so that our system will know that there is a valid mailbox for the email address. If the email address is not verified, the account will not be activated and will cause the following problems.
- Email change will not proceed.
- User cannot login using the unverified email address.
For managed accounts, only verified accounts will be listed. Org admins will not be able to identify that the account is unverified when their end user complains that they cannot login to Atlassian. Org admins may also consider the unverified email address as free to use for email address change when it's not.
Steps to Reproduce
- Set up an AA organization and claim a domain
- Invite a new domain user to any Cloud site
- Skip the verification email for the new domain user
- Go to Managed Accounts in admin.atlassian.com
Invitation pending user is not manageable via REST API as well:
API_TOKEN="__YOUR_ORG_TOKEN__" AAID="5e376c2d14836c0cc108afcd" curl --request GET \ --user "${USER}:${API_TOKEN}" \ --url "https://api.atlassian.com/users/${AAID}/manage" \ --header "Authorization: Bearer ${API_TOKEN}" \ --header "Content-Type: application/json"
{
"key": "forbidden",
"context": "Error: Caller must be an org admin of targeted account or be the targeted account",
"errorKey": "forbidden",
"errorDetail": "Error: Caller must be an org admin of targeted account or be the targeted account"
}
Expected Results
The unverified domain account should be listed as "unverified". The admin should then have the option to send a new verification email or a password reset email.
Actual Results
The unverified domain accounts are unknown to the Org admins.
Notes
A password reset email can be used to initiate a verification in case the user missed the original verification email.
Workaround
If a domain account is existing in Atlassian Cloud but is not listed under the org's Managed Accounts, please contact Atlassian Support to check the status of the account.
To allow an unverified email address to appear under Managed Accounts
- Launch an incognito browser in Chrome and access https://id.atlassian.com/login/resetpassword
- Send a password reset email to the domain email address
- Request the user to access password reset email in the domain mail inbox. Set a password
- The password reset will activate the account and it should start appearing under Managed Accounts
For Customers using SAML SSO, password resets cannot be sent/used as authentication is enforced through the Identity Provider
- Use the Export accounts functionality to get the user Atlassian account id
- With this ID, navigate to your Organization's Managed Accounts, Show the Details of a Managed Account, and replace the Atlassian account ID with the one gathered from above
- Change the Email Address of the Unverified Account and revert the change and it'll appears in Managed Accounts
Attachments
Issue Links
- blocks
-
ACCESS-137 Show verification status of Atlassian account in managed accounts view
- Closed
- causes
-
-
- Closed
-
- is related to
-
- Closed
- relates to
-
-
- Closed
-
-
- Closed
-
ESPRESSO-712 Loading...
- has action
-
- is resolved by
-
- mentioned in
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-