Remove Google ID when a Google account gets deactivated

XMLWordPrintable

    • 17

      Problem Definition

      All Atlassian Accounts that "Login with Google" have a Google id mapped to them. Atlassian uniquely identifies the accounts based on the email address as well as the Google ids of the users.

      When these accounts are deactivated via Gsuite or manually, the Deactivated Accounts still have the google ids mapped.

      When these users get recreated on Google, they get new google ids assigned to them.

      When these users try to log in to Atlassian or Admins try to activate these users via Gsuite, they get an error "email already exists", "your userbase might be out of date" or the former user account in Atlassian with the same email changes to <username>+atlassian_conflict@example.com while a new Atlassian Account gets created for the user instead of reactivating the old one.

      This is also mentioned in the following:

      Current Workaround

      1. Change the Deactivated user's email to something else on admin.atlassian.com.
        • For example, username@example.com is changed to username_false@example.com. This clears the Google id associated with the user.
      2. Change the email back to the original i.e. username_false@example.com, back to username@example.com.
      3. Sync username@example.com from IDP.

      Suggested Solution

      Automatically clear the Google id when a Google user is deactivated. Next time even if a new user is created on Google with the same email, Atlassian will reactivate the old Account based on email, and the new google id will be appended to the accounts, like how it happens for any Non-google user.

            Assignee:
            Unassigned
            Reporter:
            Ulka
            Votes:
            4 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: