Uploaded image for project: 'Identity'
  1. Identity
  2. ID-7993

SAML relink failure for non-SSO accounts

XMLWordPrintable

      Issue Summary

      SAML SSO fails to relink in the backend if the linked account is moved to a non-SSO authentication policy.

      • This is reproducible on Data Center: no

      Steps to Reproduce

      1. As the end user, SSO login into Atlassian (ie. primaryemail@domain.com)
      2. On org managed accounts, change the email address of the account to something else. (ie. primaryemail@domain.com -> primaryemail_free@domain.com )
      3. Move the old account to an authentication policy with SSO disabled (ie. primaryemail_free@domain.com)
      4. Migrate another existing Atlassian account to re-use the email address and enforce SSO to this account. (ie. alias@domain.com -> primaryemail@domain.com)
      5. As the end user, try to perform an SSO login again. (primaryemail@domain.com)

      Expected Results

      The end user should be able to log in to the migrated account using SSO.

      Actual Results

      The end user encounters the following error :

      Hmm... we're having trouble logging you in. Please try again with a different authentication method.

      Workaround

      Move the old account back to the SSO policy to allow the relink to happen.

      • As the org admin, move the old account back to the SSO policy (ie. primaryemail_free@domain.com)
      • As the end user, perform an SSO login to re-link (ie. primaryemail@domain.com)
      • Once the log in is successful, feel free to move the old account back to the non-SSO policy.

        1. sso error.png
          sso error.png
          110 kB

              apansari@atlassian.com Ankur Pansari
              rmacalinao Ramon M
              Votes:
              2 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated:
                Resolved: