
Inconsistent results when using the Get managed accounts in an organization API

      Issue Summary

      When using the Get managed accounts in an organization endpoint to get deactivated and deleted (pending for deletion state) account statuses, the results are inconsistent.
       
      When looking at the closed or inactive status, we cannot differentiate accounts deactivated by the org admin from those deactivated by the IDP or from accounts pending deletion.

      Steps to Reproduce

      Use the Get managed accounts in an organization endpoint to get deactivated and deleted (pending for deletion state) account statuses.

      Actual Results

      The API returns:

      • "account_status": "closed" for previously active accounts that were deleted and are in the "pending for deletion" state due to the 14-day grace period.
        • When the account goes from Active to Deleted, we get the account status Closed from the API.
      • "account_status": "inactive" for deactivated accounts, and also for deactivated accounts that were deleted and are in the "pending for deletion" state due to the 14-day grace period.
        • When the account goes from Active to Deactivated and then Deleted, we get Inactive from the API as if the account was normally deactivated and not deleted.
        • It seems the logic does not consider the last state.
      • "account_status": "closed" for accounts deactivated by an identity provider through SCIM.

      Expected Results

      • "account_status": "closed" only for accounts pending for deletion.
      • "account_status": "inactive" for any deactivated accounts, including ones deactivated by the identity provider

      Workaround

      Use the Search endpoint, as it returns Inactive for deactivated accounts regardless of whether the account is pending deletion or was deactivated by the IDP.

            [ACCESS-2169] Inconsistent results when using the Get managed accounts in an organization API

            Grzegorz Zgudka made changes -
            Status Original: Needs Triage [ 10030 ] New: Long Term Backlog [ 12073 ]
            Olivia Mackintosh made changes -
            Component/s Original: Identity Internal - PRS and RTBF [ 56704 ]
            Component/s New: Managed Accounts - Claim/Unclaim [ 73810 ]
            Key Original: ID-8854 New: ACCESS-2169
            Project Original: Identity [ 16810 ] New: Atlassian Guard [ 18910 ]

            Shangfei added a comment -

            Identity treats
            blocked, deactivated and pending_deletion -> inactive state 
            deleted/tombstoned -> closed state
            MAS infers this differently where it treats blocked as closed, so this should be a bug on the MAS side.

            Chris Squire made changes -
            Component/s Original: Directory - Search / filter [ 66397 ]
            Component/s New: Identity Internal - PRS and RTBF [ 56704 ]
            Morgan Green made changes -
            Component/s Original: User Management Public APIs [ 56701 ]
            Component/s New: Directory - Search / filter [ 66397 ]
            SET Analytics Bot made changes -
            Support reference count New: 1
            Joabe Soares created issue -
