Uploaded image for project: 'Identity'
  1. Identity
  2. ID-7529

Social log in causing email change to @gtempaccount.com for SAML linked accounts

XMLWordPrintable

      Issue Summary

      From https://support.google.com/accounts/troubleshooter/1699308?visit_id=637242348410340378-2424293974&hl=en&rd=1#ts=1699315:

      A Google Account may be created using any standard email address that can receive mail. Because of this, you may have used your G Suite email address to create a conflicting account. A conflicting account is a personal Google Account that was created using the email address of a G Suite account. For this reason, any G Suite user could have two accounts with the same email address.

      Here's a common scenario

      1. Jane decides to go to www.google.com/photos and creates a Google Account with her corporate email address 'Jane@altostrat.com.'
      2. Jane's company, Altostrat, upgrades to G Suite – which means each employee's email address is now that employee's username for a corporate Google Account.
      3. Jane now has two Google Accounts – one G Suite account, and one Google Account, that share the same primary email address, but are completely unrelated.The most common reason that you may have a conflicting account is that you used Google Reader, Google Voice, or Picasa Web Albums with your @my-domain.com email.

      Steps to Reproduce

      1. Having a Google Account created with the corporate email address prior to having G Suite on the company, login to Atlassian using social login.
      2. (System) A link is now created using the Google ID of this account into the Atlassian account.
      3. Company now has a SAML integration, the end user logs in by company SSO, creating the SAML ID link with the Atlassian account.
      4. Company now has G Suite in place. (Not integrated with Atlassian)
      5. (System) Google now changes the pre-G Suite Google Account email to @gtempaccount.com
      6. End user uses social login again with Atlassian with an existing session for the pre-G Suite Google Account.

      Expected Results

      With SAML SSO in place, the Google ID should have been cleared from the account, so no profile changes are propagated from Google anymore through social link.

      Actual Results

      The Atlassian account gets updated from Google to name%domain@gtempaccount.com

      Notes

      The issue can reoccur if the end user uses social login again.

      Workaround

      If the new gtempaccount.com email address is still accessible, perform an email change back to the original one, if another Atlassian account is already using it, access the new duplicated account and change its email to an alias such as name+alias@domain.com, then perform the change on the original account.

      If you are not able to perform the steps above, please engage our Atlassian support by raising a ticket on our support.atlassian.com portal.

              Unassigned Unassigned
              rbecker Rodrigo B.
              Votes:
              3 Vote for this issue
              Watchers:
              26 Start watching this issue

                Created:
                Updated: