Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-951

Include information on users being managed by an identity provider in the export for managed accounts

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      In an organization, when exporting the managed accounts, the following information will be included, which is very useful for auditing purposes:

      • Name
      • Email
      • Status (whether they're active or a have been deactivated)
      • Billable (whether they count towards your Atlassian Access bill)
      • SAML single sign-on (whether they log in with SAML sign-on)
      • Two-step verification enabled (whether they've enabled two-step verification)
      • BitbucketConfluenceJira CoreJira Service DeskJira Software (listed with the sites they use to access the products)

      For some organizations, it is helpful to know which users are being retrieved via user provisioning or not in order to work with some examples like:

      • Checking if all the users from the directory are being included in the org.
      • Check which users can be manually activated/deactivated directly from the org.
      • Check for users that manually created accounts instead of being retrieved via the company's directory.
      • Remove users manually when they do not belong to the company's directory.

      This is a suggestion to include information indicating if the user belongs to the connected directory via user provisioning.

            [ACCESS-951] Include information on users being managed by an identity provider in the export for managed accounts

            Kat N added a comment -

            Thanks everyone for watching and commenting on this ticket. As part of an initiative to better consolidate customer feedback, we are closing this ticket as a duplicate. Please vote, watch and comment on ACCESS-953 going forward.”

            Kat N added a comment - Thanks everyone for watching and commenting on this ticket. As part of an initiative to better consolidate customer feedback, we are closing this ticket as a duplicate. Please vote, watch and comment on ACCESS-953 going forward.”

            For an organization which looks to provision all its users from the IDP for improved security and JML efficiency reasons, lack of awareness of managed accounts that are NOT provisioned from IDP means that when some users leave the organization and have their account deactivated in the IDP, their account if not provisioned from (linked) with IDP, may remain active consuming licences unnecessarily and posing a security risk due to leaver access not being removed. We need to be able to quickly identify which users are not provisioned from IDP (self-sign-up and such like users) which we need to follow up and provision/link with IDP.

            Ivan Shtanichev added a comment - For an organization which looks to provision all its users from the IDP for improved security and JML efficiency reasons, lack of awareness of managed accounts that are NOT provisioned from IDP means that when some users leave the organization and have their account deactivated in the IDP, their account if not provisioned from (linked) with IDP, may remain active consuming licences unnecessarily and posing a security risk due to leaver access not being removed. We need to be able to quickly identify which users are not provisioned from IDP (self-sign-up and such like users) which we need to follow up and provision/link with IDP.

              ajagalpure ani (Inactive)
              gdecampos Giuliano C.
              Votes:
              3 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: