Project: Atlassian Guard
Issue: ACCESS-977

Ability to exclude or remove a site from User Provisioning (SCIM)


      Summary

      • For example, a user has two sites in their organization. They need to provision users and groups to only one site, but there is no option to remove the other site from user provisioning.
      • There are cases where the same admins are working on two different sets of domains, IDP and AA org. An admin may incorrectly attach a site to the wrong org, and it won't be possible to unlink the site from the org afterwards.
      • When discontinuing AA or User Provisioning, it is not possible to unlink a site from an AA org. This causes the site-admin group to be disabled on the site.

      Suggestion

      • Add an unlink/delete button to remove a site from the AA organization. Unlinking should reactivate the site-admin group locally in the cloud site.

      Workaround

      1. Remove user provisioning configuration
      2. Transfer products where you don't want to use User Provisioning to another organization https://confluence.atlassian.com/cloud/transfer-products-to-another-organization-967318518.html
      3. Set up User Provisioning again in your main organization


            Nicolas Le Corno added a comment -

            Hello,

            Wow this topic is very old

            Any news?

            Thomas Fuerer added a comment -

            I have an Enterprise Plan. The workaround is no option to me, as I need another license plan.

            I do not understand why all the users are added in active state automatically.

            I want to:

            • have a configuration option to grant users site access only to a subgroup of all synchronized users. I want to specify these users by groups.
            • for a better overview it would be much easier to have only the relevant users (e.g. I have 3000 users but only want 25 to have access)
            • at least I do want to grant all synched users automatically to all sites.

            Ivan Shtanichev added a comment - edited

            We've recently observed this issue in our organization, where after enabling user provisioning we noticed users of non-site products like Trello getting provisioned and granted access to the site, users that until that point had no awareness of the site's existence. It does not have any huge impact for us, since the users, although created on the site, are not by default granted product access (unless assigned to product groups), but still it is a concern from a security perspective and goes against the need-to-know principle, given these users don't need access to site products. Would prefer if users were only synced to the site when they are added to the site manually or assigned to product groups; adding them to the site just because they are in the Atlassian org is not appropriate.

              maho Matthew Ho (Inactive)
              igusev@atlassian.com Igor
              Votes: 31
              Watchers: 36