Uploaded image for project: 'Identity'
  1. Identity
  2. ID-7671

Atlassian organization admin API key expiry notification

XMLWordPrintable

    • 20

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      As per this article https://support.atlassian.com/organization-administration/docs/manage-an-organization-with-the-admin-apis, the admin key can last from a week up to a year. Currently, no email notification is sent when the key expires or is about to expire.

      The suggestion is to send a reminder notification to the organization admins some time prior to the expiry date. This can be very useful to avoid any issues that may arise due to an expired key.

            [ID-7671] Atlassian organization admin API key expiry notification

            Amanpreet Singh Sandhu added a comment - - edited

            Is there any workaround for the same? As we wait for feature to be developed, we need assistance from Atlassian to provide some workaround.

            Amanpreet Singh Sandhu added a comment - - edited Is there any workaround for the same? As we wait for feature to be developed, we need assistance from Atlassian to provide some workaround.

            Baptiste Massey added a comment -

            Hi,

            Is there any update on this? It has been in "Gathering Interest" state for a long time. 

            This should have no question asked for such a request, it should be a standard feature imho.

            Best.

            Baptiste Massey added a comment - Hi, Is there any update on this? It has been in "Gathering Interest" state for a long time.  This should have no question asked for such a request, it should be a standard feature imho. Best.

            Abhinav Srivastava added a comment -

            https://getsupport.atlassian.com/browse/PCS-198370

            Abhinav Srivastava added a comment - https://getsupport.atlassian.com/browse/PCS-198370

            Jean Desulme added a comment -

            This should be a standard feature for any key generated that mandates expiration. There should be two workflows; the first is that organization admins should be notified when a key has been created. The second that's needed is when it's about to expire and when it has expired. The current behavior where it just disappears is unrealistic and can cause unintended issues depending on what application uses this key in critical downstream systems. 

             

            Jean Desulme added a comment - This should be a standard feature for any key generated that mandates expiration. There should be two workflows; the first is that organization admins should be notified when a key has been created. The second that's needed is when it's about to expire and when it has expired. The current behavior where it just disappears is unrealistic and can cause unintended issues depending on what application uses this key in critical downstream systems.   

            Priska Aprilia added a comment -

            Sometimes, a service request needs to be approved by the requester's reporting manager before the service desk team can work on the request.

            Currently, there is no way to store a user's reporting manager in the user's profile for the users provisioned through an identity provider like GSuite. As such, the reporting manager information needs to be retrieved from external system (HR, Identity Provider) and the only unique identifier to link the user in Atlassian Cloud and the external system is through the user's email address.

            Based on Atlassian Cloud policy, in order to retrieve the user's email address of a managed account, we need to use Admin API Key (generated by Org Admin of the verified domain) to call the User API.

            This Admin API Key can only last from a week to up to a year. This means, the Org Admin has to generate a new key every year before it ends otherwise the service that relies on the User API to get the email address will stop working. And Atlassian Cloud does not send any notification to Org Admin prior or upon the expiration of the Admin API Key.

            The suggestion is to send email notifications to Org Admin prior and upon the expiration of the Admin API Key to avoid any interruption of services due to an expired API Key.

             

            Priska Aprilia added a comment - Sometimes, a service request needs to be approved by the requester's reporting manager before the service desk team can work on the request. Currently, there is no way to store a user's reporting manager in the user's profile for the users provisioned through an identity provider like GSuite. As such, the reporting manager information needs to be retrieved from external system (HR, Identity Provider) and the only unique identifier to link the user in Atlassian Cloud and the external system is through the user's email address. Based on Atlassian Cloud policy, in order to retrieve the user's email address of a managed account, we need to use Admin API Key (generated by Org Admin of the verified domain) to call the User API. This Admin API Key can only last from a week to up to a year. This means, the Org Admin has to generate a new key every year before it ends otherwise the service that relies on the User API to get the email address will stop working. And Atlassian Cloud does not send any notification to Org Admin prior or upon the expiration of the Admin API Key. The suggestion is to send email notifications to Org Admin prior and upon the expiration of the Admin API Key to avoid any interruption of services due to an expired API Key.  

              5cd8def7e384 Kunwardeep Singh
              akhan@atlassian.com Asim K
              Votes:
              18 Vote for this issue
              Watchers:
              22 Start watching this issue

                Created:
                Updated: