  1. Atlassian Access
  2. ACCESS-747

Prioritize SCIM Full Name attribute over SAML when both integrations are being used


    Description

      Current functionality:

      SAML SSO uses the givenname and surname attributes to define the Full name for an Atlassian account.

      User provisioning (SCIM) uses the displayName attribute to define the Full name for an Atlassian account.

      SCIM and SAML can have different values mapped: SCIM updates the Full name when it syncs, and SAML updates it when users log in.

      The suggestion:

      Because some IdPs don't support changing the givenname and surname attributes, it would be great if, when SCIM is in use, only the attribute sent by SCIM were considered. Otherwise, customers may face unwanted Full name changes for their users when the values from the two integrations do not match.

      Workaround:

      Option 1: Stop the IdP from sending the SAML givenname and surname attributes, so that the SCIM attribute is the only one updating the value.

      Note: this is only applicable to IdPs that allow modifying/removing the attributes.
      OR
      Map givenname to the displayname and map surname to a dummy AD attribute that does not contain any real value.

      Option 2: In Okta, update the user's profile so that their Nickname is sent as their givenName/surName.

      Option 3: Alternatively, you can configure SAML in Atlassian using a generic app in Okta in addition to the "Atlassian Cloud" app (for SCIM), by changing the SAML settings in Atlassian to point to the new generic app in Okta.
      This trades off the ability to have both a Jira and a Confluence button in Okta for the ability to disable the givenName/surName attributes in SAML. Please note that the email address for the nameId needs to use the same user property as the SCIM configuration used by the "Atlassian Cloud" app.

      Option 4: In Okta, force the provisioning displayName attribute to use the "GivenName SurName" format, similar to what SAML SSO uses to set the name.

      • Set the provisioning displayName attribute to user.firstName+" "+user.lastName. Use "Force sync" to propagate the changes to Atlassian.
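
The mismatch described above and the effect of Option 4, as an added example that is not part of the original issue or Atlassian's code. The user records and field layout are constructed, and the SAML Full name is assumed to be "givenname surname", the format Option 4 describes.

```python
"""Audit IdP user records for Full name drift between SCIM and SAML."""

# Constructed sample records. The field layout is an assumption for this
# example, not an Okta or Atlassian export format.
USERS = [
    {"email": "a.lee@example.com", "givenname": "Alexandra", "surname": "Lee",
     "displayName": "Alex Lee"},
    {"email": "b.ng@example.com", "givenname": "Bao", "surname": "Ng",
     "displayName": "Bao Ng"},
    {"email": "c.diaz@example.com", "givenname": "Carmen", "surname": "Diaz",
     "displayName": "Diaz, Carmen"},
]


def saml_full_name(user):
    # Assumption: a SAML login yields "givenname surname" (Option 4's format).
    return f"{user['givenname']} {user['surname']}"


def scim_full_name(user):
    # SCIM provisioning writes displayName as the Full name.
    return user["displayName"]


def find_drift(users):
    """Users whose Full name changes between a SCIM sync and a SAML login."""
    drift = []
    for u in users:
        saml, scim = saml_full_name(u), scim_full_name(u)
        if saml != scim:
            drift.append({"email": u["email"], "saml": saml, "scim": scim})
    return drift


def apply_option_4(users):
    """Mirror Option 4: displayName = firstName + " " + lastName."""
    return [dict(u, displayName=saml_full_name(u)) for u in users]


def replay(user, events):
    """Replay 'sync' / 'login' events; return the Full name after each one."""
    writers = {"sync": scim_full_name, "login": saml_full_name}
    return [writers[e](user) for e in events]


if __name__ == "__main__":
    for row in find_drift(USERS):
        print(f"{row['email']}: SCIM={row['scim']!r} SAML={row['saml']!r}")
```

Running the same audit against a real IdP export before enabling both integrations shows which accounts would see their Full name flip on each login or sync.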
         

            People

              ayang@atlassian.com Aneita
              mdossantos Matheus
              Votes: 228
              Watchers: 162
