Uploaded image for project: 'Identity'
  1. Identity
  2. ID-6385

Users are able to Self-Sign Up on Instances with Self-Sign Up Deactivated

XMLWordPrintable

      Summary

      Users are able to Self-Sign Up on Instances with Self-Sign Up Deactivated

      Description

      Administrators are receiving notifications for new users requesting access on instances with Self-Sign Up deactivated.
      It also seems to be affecting instances with "Any account with one of the following email address domains can sign up" - Instead of filtering requests from that domain only, it lets anyone from any domain to sign up.

      Steps to Reproduce

      1. On an instance, disable the "Self Sign Up""
      2. Access the instance from another account - which doesn't have access to that instance

      Expected Results

      You should get a message stating that you don't have access to that site.

      Actual Results

      You see the button "Request Access" and by clicking on it, all administrators get a message stating that you've requested access.

        1. image-2017-07-13-11-55-36-508.png
          52 kB

            [ID-6385] Users are able to Self-Sign Up on Instances with Self-Sign Up Deactivated

            Michael Andreacchio made changes -
            Workflow Original: reviewflow [ 2408518 ] New: JAC Bug Workflow v3 [ 3258162 ]
            Kieren (Inactive) made changes -
            Link New: This issue is related to ID-6682 [ ID-6682 ]
            Kieren (Inactive) made changes -
            Resolution New: Obsolete [ 11 ]
            Status Original: Reopened [ 4 ] New: Closed [ 6 ]

            Kieren (Inactive) added a comment -

            Hi Everyone,

            With Stride being shut down last month and the old request access feature being removed, there should no longer be any possibility of this bug occurring again, so I'm closing this ticket.

            What about the new Request Access feature?

            A new Request Access feature was rolled out in November 2018 (read more about it here). This feature allows users to contact their site admins when they need access to a new product, or if they need someone else to access a product. In summary:

            1. If one of your users has access to 1 product (Jira), and they'd like to get access to one of your other existing products (confluence), then they can request access to it. An email will be sent to all the Site Admins, along the lines of "James Barker already has access to Jira, and would like to access Confluence...". Any site admin can approve or deny this request.
            2. Your existing users can request access for someone who is not currently on your site. A common example of this is when a new staff member starts at a company, but they don't have access to Jira or Confluence, any user can request access for the new staff member and inform their site admin(s). An email will be sent to all the Site Admins, along the lines of "James Barker would like sue.ellen@acme.com to access Confluence...". Any site admin can approve or deny this request.

            There is a ticket to improve the Request Access feature here https://jira.atlassian.com/browse/ID-6682. Please comment on it with any suggestions for improvements.

            Kieren (Inactive) added a comment - Hi Everyone, With Stride being shut down last month and the old request access feature being removed, there should no longer be any possibility of this bug occurring again, so I'm closing this ticket. What about the new Request Access feature? A new Request Access feature was rolled out in November 2018 ( read more about it here ). This feature allows users to contact their site admins when they need access to a new product, or if they need someone else to access a product. In summary: If one of your users has access to 1 product (Jira), and they'd like to get access to one of your other existing products (confluence), then they can request access to it. An email will be sent to all the Site Admins, along the lines of "James Barker already has access to Jira, and would like to access Confluence...". Any site admin can approve or deny this request. Your existing users can request access for someone who is not currently on your site. A common example of this is when a new staff member starts at a company, but they don't have access to Jira or Confluence, any user can request access for the new staff member and inform their site admin(s). An email will be sent to all the Site Admins, along the lines of "James Barker would like sue.ellen@acme.com  to access Confluence...". Any site admin can approve or deny this request. There is a ticket to improve the Request Access feature here https://jira.atlassian.com/browse/ID-6682 . Please comment on it with any suggestions for improvements.
            Bugfix Automation Bot made changes -
            Support reference count New: 50

            Lele (Inactive) added a comment -

            https://getsupport.atlassian.com/browse/JST-435017

            Lele (Inactive) added a comment - https://getsupport.atlassian.com/browse/JST-435017
            Nagila Marques (Inactive) made changes -
            Assignee Original: Joshua Batchelor [ jbatchelor ]
            Takuya Nagasaka (Inactive) made changes -
            Remote Link Original: This issue links to "Page (Confluence)" [ 308858 ]

            Jeff Tillett added a comment -

            jbatchelor, we got one of these on November 30th for our domain of singularity.jira.com for a user with an email of quentinmousset@gmail.com

            This is definitely still a problem.

            Jeff Tillett added a comment - jbatchelor , we got one of these on November 30th for our domain of singularity.jira.com for a user with an email of quentinmousset@gmail.com This is definitely still a problem.
            K. Yamamoto made changes -
            Link New: This issue has a derivative of ID-6498 [ ID-6498 ]

              Unassigned Unassigned
              lmartins Lucas Lara Martins
              Affected customers:
              26 This affects my team
              Watchers:
              57 Start watching this issue

                Created:
                Updated:
                Resolved: