-
Bug
-
Resolution: Tracked Elsewhere
-
High
-
Minor
Automatic License Provisioning through Approved domains (configured in User Access Settings)does not work for Jira Products (Jira, Jira Work Management, Jira Service Management, or Jira Product Discovery) when customer already has access to one of these products.
Steps to Recreate Issue:
Scenario 1
Configure an approved domain in "User Access Settings" with access to products say Jira and JSM.
- With a user account that belongs to the approved domain, login to a site and access a Jira feature (Board/Sprints). The user automatically gets access to all products configured for license through Approved Domains (In this case both JSM and Jira) and is able to successfully access Jira product.
- Now, remove this user from Jira default access group/role manually from the admin console. User now does not have Jira License. He/She only has JSM license in place.
- Now, when trying to access Jira boards, user is blocked. Gets "Sorry, you can't view this page"
Scenario 2:
Existing user in directory with email id xxx.domain.com and JSM license in place.
- Now, configure domain.com as an approved domain with Jira and JSM license auto provisioning.
- User xxx tries to access Jira feature, but gets "Sorry, you can't view this page". Automatic License provisioning does not kick in.
Scenario 3:
Existing user in directory with email id xxx.domain.com and Jira Product Discovery license in place.
- Now, configure domain.com as an approved domain to grant Jira licenses automatically when accessing the product.
- User xxx tries to access Jira feature, but gets "Sorry, you can't view this page". Automatic License provisioning does not kick in.
Please Note: The above situation arises only when the users has JSM license with role as User(Agent). If JSM user role is "Customer", approved domain configuration get appropriately assigned!
Expectation here is that with Approved Domains configured, user should automatically be granted Jira License when attempting to access Jira Issues/boards.
Additional Note: This issue is not specific to Jira / JSM, but with any Jira product. As long as user already has access to one of the Jira products, automatic license provisioning through approved domains does not work for other configured Jira products.
- was cloned as
-
JRACLOUD-93522 Issues With License Provisioning through approved domains
-
- Closed
-
I got answers from you some time ago:
I understand you have complex rules about when a user can access data even without a license, e.g. when they are JSM customers. So if a users logs in to JSM, they can see something, but when they are in the same session and URL and they want to see details, they will not get the now-required license on-demand when they currently do not have it.
I consider this a conceptional bug.
That is the same topic as in https://jira.atlassian.com/browse/CONFCLOUD-78128 or https://jira.atlassian.com/browse/CONFCLOUD-74283 and many others. It affects Jira and Confluence for us, and the former workarounds have partly stopped working, e.g. we do not see the Confluence error page to "Get Full Access" any more.
Someone at Atlassian also want to introduce a feature to give ALL licenses defined in approved domain when the user logs in. This is a bad idea:
We also have problems now with first-time users who do not get their initial license, instead the browser goes into a forwarding loop that ends with timeout after 30sec.
I consider that license-granting (and session-handling) functionality severely broken, up to a point where we should not rely on Approved domains any more. What saves us: We only have few first-time users every month, and most users who get a license removed due to months of inactivity will really not come back - so it is not that huge number of tickets, but it is a constant struggle to fix that fast, while Atlassian changes the functionality and the error pictures reported change every few weeks.