Identity / ID-7444

SAML link persists for unmanaged accounts


      Issue Summary

      After changing the email address of a managed account to an unmanaged one, the SAML link for the account persists on the unmanaged account, causing a login problem.

      Steps to Reproduce

      1. Log in via SAML using a managed account (user@domain.com)
      2. Change the email address to another domain (user@sub.domain.com)
      3. Unclaim the domain of the new email address in your organization (sub.domain.com). The recently changed account should now become unmanaged.
      4. Log in via SSO with the original email address under the domain that is still claimed (user@domain.com)

      Expected Results

      The user should be able to log in with the email address on the claimed domain.

      Actual Results

      The user runs into the login error email-change-not-allowed-to-bypass-policy:

      We're having trouble logging you in. There seems to be an issue with your identity provider. Wait a few moments, then try again.

      Workaround

      Please reach out to Atlassian support to clear the SAML link for the unmanaged account.


              jyu@atlassian.com Jonathon Yu
              rmacalinao Ramon M (Inactive)
              Votes: 2
              Watchers: 16