Details
-
Bug
-
Resolution: Tracked Elsewhere
-
High
-
None
-
27
-
Severity 2 - Major
-
Description
As this issue does not stop the G Suite integration but the account update that is being pushed, it is more appropriated to track this as an enhancement request to improve the UI messages so the admins know the accounts involved in the difficulty. The development team is already aware of this difficulty. We will set this ticket to Long Term Backlog.
For future cases, please track the progress around the enhancement request at the ticket below:
Thanks.
Issue Summary
The new org-level G Suite/G Sync integration fails when trying to update a synced account to an email address that is already taken. In the UI the admins only see:
The image does not explain the issue and gives no workaround for the admins. There is a feature request to improve that error message.
Steps to Reproduce
- Setup the integration and sync a user (i.e. email@domain.com)
- Create a new Atlassian Account with a different email address (i.e. new.email@domain.com) but do not sync it
- At G Suit admin page, change the synced account from email email@domain.com to new.email@domain.com
In this scenario we have the following accounts:
account | synced from Google? | |
---|---|---|
A | email@domain.com | |
B | new.email@domain.com |
Expected Results
The integration should change the account B email to new.email+conflict@domain.com or at least let the admin opt for that change before proceeding. Then update account A to new.email@domain.com as G Suite should be the source of truth for the accounts.
Actual Results
Nothing happens and the sync seems to fail.
In the backend the support team can see the following errors in the logs:
Error
stack_trace: io.atlassian.micros.gsyncv2.clients.IedaException: Call to IEDA failed due to: emailalreadyexists
Message
Could not update user for directory <directoryId> and userId <userId> (status: 409, reason: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"409","scimType":"uniqueness","detail":"Resource [USER]: with email[<targetEmail>] already exists."})
Workaround
- Open a support ticket
- If the admins know about changes being pushed to our end, they can undo them at Google (i.e. revert new.email@domain.com to email@domain.com) and then:
- Change the account with the target email to something different i.e. new.email@domain.com to invalida@domain.com (change just the email prefix so the account will still be managed by your Org)
- Then try to push the changes from Google (i.e. change email@domain.com to _new.email@domain.com)
Attachments
Issue Links
- is related to
-
ACCESS-962 Improve the error handling with Org-level G Suite integration
- Gathering Interest