Problem Definition

Currently, if we associate an Atlassian Cloud site with a Google Apps domain and include Service Desk customers with 'portal only' access, these users are given default access to the application and can no longer be changed into 'portal only' users.

This may cause important issues if this is done inadvertently by the user, such as:

1. Giving these users access to content they should not have access to (so a security breach)
2. Updating license, requiring customer to pay for a license.
3. A lot of extra work to manually undo all the changes
4. If the users are then removed from synchronization, by removing them from synched groups, this may remove all the users from their instance, causing further problems

Suggested Solution

There are a number of possible solutions:

1. Never sync SD users
2. Sync them and keep them as portal only
3. Give the administrator and option to either sync those users or not or an option to either raise their application access or not
4. At least, show a warning that users will be given access to JIRA and which of them will