Uploaded image for project: 'Identity'
  1. Identity
  2. ID-7646

Org-level Gsync/G Suite showing error message after failing in update a user's email address.

    XMLWordPrintable

Details

    Description

      As this issue does not stop the G Suite integration but the account update that is being pushed, it is more appropriated to track this as an enhancement request to improve the UI messages so the admins know the accounts involved in the difficulty. The development team is already aware of this difficulty. We will set this ticket to Long Term Backlog.

      For future cases, please track the progress around the enhancement request at the ticket below:

      Thanks.

      Issue Summary

      The new org-level G Suite/G Sync integration fails when trying to update a synced account to an email address that is already taken. In the UI the admins only see:

      The image does not explain the issue and gives no workaround for the admins. There is a feature request to improve that error message.

      Steps to Reproduce

      1. Setup the integration and sync a user (i.e. email@domain.com)
      2. Create a new Atlassian Account with a different email address (i.e. new.email@domain.com) but do not sync it
      3. At G Suit admin page, change the synced account from email email@domain.com to new.email@domain.com

      In this scenario we have the following accounts:

      account email synced from Google?
      A email@domain.com
      B new.email@domain.com

      Expected Results

      The integration should change the account B email to new.email+conflict@domain.com or at least let the admin opt for that change before proceeding. Then update account A to new.email@domain.com as G Suite should be the source of truth for the accounts.

      Actual Results

      Nothing happens and the sync seems to fail.

      In the backend the support team can see the following errors in the logs:
      Error

      stack_trace: io.atlassian.micros.gsyncv2.clients.IedaException: Call to IEDA failed due to: emailalreadyexists

      Message

      Could not update user for directory <directoryId> and userId <userId> (status: 409, reason: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"409","scimType":"uniqueness","detail":"Resource [USER]: with email[<targetEmail>] already exists."})

      Workaround

      1. Open a support ticket
      2. If the admins know about changes being pushed to our end, they can undo them at Google (i.e. revert new.email@domain.com to email@domain.com) and then:
        1. Change the account with the target email to something different i.e. new.email@domain.com to invalida@domain.com (change just the email prefix so the account will still be managed by your Org)
        2. Then try to push the changes from Google (i.e. change email@domain.com to _new.email@domain.com)

      Attachments

        Issue Links

          is related to

          Suggestion - ACCESS-962 Improve the error handling with Org-level G Suite integration

          • Gathering Interest
          mentioned in

          Page Loading...

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              jnunes@atlassian.com João Nunes
              Votes:
              2 Vote for this issue
              Watchers:
              19 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: