-
Bug
-
Resolution: Cannot Reproduce
-
Medium
-
None
-
2
-
Summary
In Organization menu, users can verify a domain that has been claimed through G Suite. However, this will break the SSO redirection to Google when logging in, as domain claim is overridden
Steps to Reproduce
- Connect your domain to G Suite, sync G Suite to your cloud instance
- Create an organization
- Claim the domain in the organization
Expected Results
Domain Claim in organization should fail for the domain that has been claimed through G Suite
Actual Results
Domain Claim successful, and override the G Suite domain claim
Notes
In our documentation, we clearly mentioned that it should not be possible:
- Domain verification
If you're using G Suite
Your users authenticate with Google. Because you verify your domain as part of your integration with Google, you can't verify your domain from your Atlassian Cloud site. If you want to verify your domain, you'll need to disconnect the G Suite integration.
If your users for another domain aren't connected through G Suite, you can still verify that domain and set a password policy for those users.
Workaround
Don't verify the domain again in Organization
[ACCESS-715] In Organization, users can claim a domain that has been claimed by G Suite
Do the watchers of this issue still experience this bug? We have not had any recent reports of it. Thank you!
Patrik Thunström
added a comment - I would also like to point out that there's a bit of a feature disparity between domains controlled through the domain verification and g suite controlled domains;
One advantage seen by verifying your domain is that you can see a complete list of email addresses and users registered on your domain, and I also believe that this list extends to accounts initially registered with a email address from your domain and since then changed to some other email address.
This way you get a clear indication of all currently active Atlassian users from within your domain, whereas when you use the G Suite integration you will only see the accounts currently being synced through your groups, any manually created users with email addresses on your domain will not show up...
As such, the G Suite integration in itself could also have good use of the User Management page from the organization management section, for the domain claimed using the G suite integration.
Patrik Thunström
added a comment - I would also like to point out that there's a bit of a feature disparity between domains controlled through the domain verification and g suite controlled domains;
One advantage seen by verifying your domain is that you can see a complete list of email addresses and users registered on your domain, and I also believe that this list extends to accounts initially registered with a email address from your domain and since then changed to some other email address.
This way you get a clear indication of all currently active Atlassian users from within your domain, whereas when you use the G Suite integration you will only see the accounts currently being synced through your groups, any manually created users with email addresses on your domain will not show up...
As such, the G Suite integration in itself could also have good use of the User Management page from the organization management section, for the domain claimed using the G suite integration.
As I did not receive any responses to this comment I am closing this ticket.
If you do not think this issue should have been closed, please add a comment here saying why and we can reopen it.