Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-690

Allow configuration retention for disabled Atlassian Access subscription

    • 1,344
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      March 15, 2024 Update

      We have rolled out an update to retain key Atlassian Access configurations when your subscription becomes inactive following a payment issue, enabling you to more easily restore your settings.

      When your Atlassian Access subscription becomes inactive following a payment issue, security settings such as single sign-on and mandatory two-step verification will be disabled, but your critical Access configurations such as those for SAML and SCIM will be retained. To restore your settings, you will need to contact support to reactivate your Atlassian Access subscription. As long as you reactivate your subscription within 14 days after it becomes inactive, you can avoid permanently losing Atlassian Access configurations such as those for SAML and SCIM. Please refer to our documentation for more details.

      We plan to iteratively ship additional updates over the upcoming months to improve the user experience for reactivation of an inactive Atlassian Access subscription. Many of these updates will coincide with Atlassian Access subscriptions moving to the new billing engine described here in the upcoming months.

      August 9, 2023 Update

      The feature to enable retention of key Access configurations is now in progress. We plan to ship some updates iteratively for the next few months.

       

      When the Atlassian Access subscription is facing issues to be renewed, Billing Contacts are emailed to review their payment details, so the subscription isn't lost. However, email notifications are easily lost, or even categorised as spam. Once the subscription is removed, both the SAML and SCIM integration will stop working.

      At the moment when an AA subscription is disabled (ie. invalid payment method):

      • User provisioning and SAML configurations get wiped out.
      • Authentication policy number is reduced to 1 and SAML SSO enforcement is turned off.
      • If the user tries to resubscribe to it, a "Network error" message is displayed, instead of letting the user know that payment should be added.
      • Mobile app policies are removed.

      When the subscription is re-enabled, these features need to be reconfigured from scratch.

      Suggestions :
      1 - Allow a grace period from the time of disabling the features to actually removing the configurations
      OR
      2 - Revoke the API token so the admins will need to re-subscribe to access to create a new one. If they don't want to continue with Access they should have then an option to delete the directory instead of doing this automatically.
      AND

      Implement in-app notifications/banners for Org admins so they are aware that there's an issue with the Access subscription, allowing them to review it before the subscription is suspended.

        1. Screenshot 2023-05-17 at 10.48.32 AM.png
          206 kB
          Shanita Walters
        2. Screenshot 2023-08-15 at 10.25.49 AM.png
          50 kB
          Shanita Walters

            [ACCESS-690] Allow configuration retention for disabled Atlassian Access subscription

            Bhavya Nag added a comment - - edited

            We have rolled out an update to retain key Atlassian Access configurations when your subscription becomes inactive following a payment issue, enabling you to more easily restore your settings.

            When your Atlassian Access subscription becomes inactive following a payment issue, security settings such as single sign-on and mandatory two-step verification will be disabled, but your critical Access configurations such as those for SAML and SCIM will be retained. To restore your settings, you will need to contact support to reactivate your Atlassian Access subscription. As long as you reactivate your subscription within 14 days after it becomes inactive, you can avoid permanently losing Atlassian Access configurations such as those for SAML and SCIM. Please refer to our documentation for more details.

            We plan to iteratively ship additional updates over the upcoming months to improve the user experience for reactivation of an inactive Atlassian Access subscription. Many of these updates will coincide with Atlassian Access subscriptions moving to the new billing engine described here in the upcoming months.

            Bhavya Nag added a comment - - edited We have rolled out an update to retain key Atlassian Access configurations when your subscription becomes inactive following a payment issue, enabling you to more easily restore your settings. When your Atlassian Access subscription becomes inactive following a payment issue, security settings such as single sign-on and mandatory two-step verification will be disabled, but your critical Access configurations such as those for SAML and SCIM will be retained. To restore your settings, you will need to contact support to reactivate your Atlassian Access subscription. As long as you reactivate your subscription within 14 days after it becomes inactive, you can avoid permanently losing Atlassian Access configurations such as those for SAML and SCIM. Please refer to our documentation  for more details. We plan to iteratively ship additional updates over the upcoming months to improve the user experience for reactivation of an inactive Atlassian Access subscription. Many of these updates will coincide with Atlassian Access subscriptions moving to the new billing engine described  here in the upcoming months.

            Just got struck by this days after we went live. They had our CC info for the other products when they shut Access off.

            Richard Burstiner added a comment - Just got struck by this days after we went live. They had our CC info for the other products when they shut Access off.

            IT MADD added a comment -

            Just getting ready for our migration from Jira Server to Jira Cloud tomorrow and our Access subscription expired. Now we have to reconfigure the entire thing from scratch.

            IT MADD added a comment - Just getting ready for our migration from Jira Server to Jira Cloud tomorrow and our Access subscription expired. Now we have to reconfigure the entire thing from scratch.

            There is no getting your setup back, you have to start from scratch. This time however we documented exactly what we did just in case it happens again.

            Arthur Mack added a comment - There is no getting your setup back, you have to start from scratch. This time however we documented exactly what we did just in case it happens again.

            Another company hit by this. All my products were billing on one card which I updated after taking over from my predecessor, and for some reason, Access was a separate bill/not included so it lapsed while our entire subscriptions for other products continued. Now that it's been 'a few months' where does this stand, and how do I get my setup back?

            Frank Manda added a comment - Another company hit by this. All my products were billing on one card which I updated after taking over from my predecessor, and for some reason, Access was a separate bill/not included so it lapsed while our entire subscriptions for other products continued. Now that it's been 'a few months' where does this stand, and how do I get my setup back?

            Yet another victiim.

            Arthur Mack added a comment - Yet another victiim.

            So wait, this can happen any time a payment fails?  Like the bank puts a temp fraud hold on the card and oops, gotta set up SAML all over again?

            Alexander Ray added a comment - So wait, this can happen  any time a payment fails?   Like the bank puts a temp fraud hold on the card and oops, gotta set up SAML all over again?

            Just want to add my voice to this.

            As another unfortunate victim of terrible shortsightedness by Atlassian I am now faced with having to re set up the SSO and user intergration again as the bean counters stopped paying for the Atlassain acces sbecause they didnt know what it was for.

            Instead of parking the product Atlassain cut you off, leading to a whole load of issues for the end user Admin.

            Im sure Scott Farquhar couldnt give a monekys if he even knows about this.

            Rubbish product!!!!!

             

            Fausto Gherardini added a comment - Just want to add my voice to this. As another unfortunate victim of terrible shortsightedness by Atlassian I am now faced with having to re set up the SSO and user intergration again as the bean counters stopped paying for the Atlassain acces sbecause they didnt know what it was for. Instead of parking the product Atlassain cut you off, leading to a whole load of issues for the end user Admin. Im sure Scott Farquhar couldnt give a monekys if he even knows about this. Rubbish product!!!!!  

            Another victim of a really poorly thought out design. Until Atlassian fixes it so the configuration is not wiped, change the Billing to never disabled Access.

            By the way, having a separately paid thing called "Access" to enable SSO and SCEP is also a poor business decision. These are enterprise tools and having SAML/OIDC/SCEP behind a separate fee is ridiculous.

            Administration added a comment - Another victim of a really poorly thought out design. Until Atlassian fixes it so the configuration is not wiped, change the Billing to never disabled Access. By the way, having a separately paid thing called "Access" to enable SSO and SCEP is also a poor business decision. These are enterprise tools and having SAML/OIDC/SCEP behind a separate fee is ridiculous.

            Hope Man added a comment -

            The feature to enable retention of key Access configurations is now in progress. We plan to ship some updates iteratively for the next few months. 

            This sounds like an opt in when you say it like that. Will this be enabled for everybody automatically?

            This whole topic sounds like a complete nightmare tbh.

            We are currently facing an issue where just a single provisioned group was deleted, and that has been a struggle to recover from already, as now audit logs are created and there is no way to backtrack the lost information. The problem described in this ticket sounds even worse.

            Hope Man added a comment - The feature to enable retention of key Access configurations is now in progress. We plan to ship some updates iteratively for the next few months.  This sounds like an opt in when you say it like that. Will this be enabled for everybody automatically? This whole topic sounds like a complete nightmare tbh. We are currently facing an issue where just a single provisioned group was deleted, and that has been a struggle to recover from already, as now audit logs are created and there is no way to backtrack the lost information. The problem described in this ticket sounds even worse.

              e902c0832f88 Sudesh Peram
              rmacalinao Ramon M
              Votes:
              201 Vote for this issue
              Watchers:
              169 Start watching this issue

                Created:
                Updated: