Summary

The Google ID of a user is associated with the incorrect Atlassian ID(AID). Customers may have multiple AIDs because of an email address change(or similar). Login process fails as described in "Actual Results" below. Users are unintentionally forced to authenticate with the incorrect AID as a result of the Google ID being associated with the incorrect AID.

Environment

• JIRA 1000.910.0

Steps to Reproduce

1. Integrate Google Apps(G-Suite) for single sign-on
2. Try to log into instance using the correct email address and password

Expected Results

• Successful login and access to JIRA/Confluence

Actual Results

• User is presented with an error that reads similar to:

  Aw, shoot. You don't have access with
  DuplicateAID@example.com

  Looks like you don't have access to this site.

• The email address displayed in the error message is not the email address the customer intended to sign in with

Notes

• All users on an instance are denied access to JIRA in some cases

Workaround

• Customers must contact support. The support engineer must escalate to the Identity DoS to fix the problem.
• We've pushed out a change to the G Suite syncing behaviour that we believe should resolve this issue. The fix requires the administrator of the instance/G Suite account to go to User Management, G Suite, and then disconnect and reconnect their G Suite integration. This should start a sync that should resolve these emails.
  If the admin is locked out, Atlassian staff might need to login and disconnect G Suite integration (Customer will need to re-enable it).