Users can be removed from the SCIM groups if the SCIM groups are added to the Product Access configuration.

XMLWordPrintable

    • Minor

      Issue Summary

      Users can be removed from the SCIM synced groups using the Atlassian admin UI if the SCIM groups are added to the Product Access configuration.

      Steps to Reproduce

      1. Add an externally synced group to Jira/Confluence product access ( admin.atlassian.com/s/<siteID>/apps )
      2. Go to a user in this group ( in the admin hub admin.atlassian.com/s/<siteID>/users ), that does have the default product access group for Jira/Confluence
      3. Use the product access toggle to remove the Jira/Confluence access
      4. The user is now removed from their externally managed group

      Expected Results

      The operation is blocked because the user is added to a SCIM group which grants Product Access to the application.

      Actual Results

      The operation is successful and the user is removed from the SCIM group, it'll only be possible to add the user to the group again if you remove him from the group on the IdP and add him back there, hence initiating a new sync that will re-add the user to the group on Atlassian's end.

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available

              Assignee:
              Dip
              Reporter:
              Matheus
              Votes:
              1 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated:
                Resolved: