[ID-8332] Changing emails to another domain through REST API results in error related to SSO / SAML

Type: Bug
Resolution: Fixed
Priority: High
Component/s: User Management Public APIs
Labels:
None

Support reference count:
3
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Cloud bug fix policy

Issue Summary

Changing emails to another domain through REST API results in error related to SSO / SAML
This is caused by the enforcement of SSO in the Authentication policies.

This is reproducible on Data Center: no

Steps to Reproduce

Claim 2 domains in the Organization
Enforce SSO in a particular user through Auth policies
Try to change the email of this user using the public API
- https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-email/#api-users-account-id-manage-email-put

Expected Results

Should change the user's email.

Actual Results

Results in the following error:

{"key":"forbidden.action","context":{"allowed":false,"reason":{"key":"authPolicy.saml"}},"errorKey":"forbidden.action","errorDetail":{"allowed":false,"reason":{"key":"authPolicy.saml"}}}

Workaround

The workaround is to change authentication policies momentarily and disable SSO enforcement.

is duplicated by

ID-8336 SSO enforced managed account's email address cannot be changed via the org admin API

Closed

is resolved by: METRO-945 Failed to load

mentioned in: Page Failed to load

Joel Ryden added a comment - 12/Sep/2023 5:18 AM

The change is now available in production. Admins should no be able to change email on accounts that are under a SAML SSO authentication policy.

Joel Ryden added a comment - 12/Sep/2023 5:18 AM The change is now available in production. Admins should no be able to change email on accounts that are under a SAML SSO authentication policy.

Timothy Frew added a comment - 31/Aug/2023 11:24 PM

As discussed, we’re going to close this issue as it's the expected default behaviour.

Timothy Frew added a comment - 31/Aug/2023 11:24 PM As discussed, we’re going to close this issue as it's the expected default behaviour.

Assignee:: Joel Ryden

Reporter:: Andre Borzzatto

Affected customers:: 0 This affects my team

Watchers:: 6 Start watching this issue

Created:: 25/Aug/2023 12:53 PM

Updated:: 06/Oct/2023 2:34 PM

Resolved:: 12/Sep/2023 5:18 AM

Identity

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Issue Links

Forms

Activity

Collapse comment: Joel Ryden added a comment - 12/Sep/2023 5:18 AM

Expand comment: Joel Ryden added a comment - 12/Sep/2023 5:18 AM

Collapse comment: Timothy Frew added a comment - 31/Aug/2023 11:24 PM

Expand comment: Timothy Frew added a comment - 31/Aug/2023 11:24 PM

People

Dates