Details
-
Bug
-
Resolution: Incomplete
-
Highest
-
None
Description
Summary
The Google ID of a user is associated with the incorrect Atlassian ID(AID). Customers may have multiple AIDs because of an email address change(or similar). Login process fails as described in "Actual Results" below. Users are unintentionally forced to authenticate with the incorrect AID as a result of the Google ID being associated with the incorrect AID.
Environment
- JIRA 1000.910.0
Steps to Reproduce
- Integrate Google Apps(G-Suite) for single sign-on
- Try to log into instance using the correct email address and password
Expected Results
- Successful login and access to JIRA/Confluence
Actual Results
- User is presented with an error that reads similar to:
Aw, shoot. You don't have access with
DuplicateAID@example.comLooks like you don't have access to this site.
- The email address displayed in the error message is not the email address the customer intended to sign in with
Notes
- All users on an instance are denied access to JIRA in some cases
Workaround
Customers must contact support. The support engineer must escalate to the Identity DoS to fix the problem.- We've pushed out a change to the G Suite syncing behaviour that we believe should resolve this issue. The fix requires the administrator of the instance/G Suite account to go to User Management, G Suite, and then disconnect and reconnect their G Suite integration. This should start a sync that should resolve these emails.
If the admin is locked out, Atlassian staff might need to login and disconnect G Suite integration (Customer will need to re-enable it).
