-
Bug
-
Resolution: Fixed
-
High
-
Severity 3 - Minor
Groups that are used to sync users from an identity providers should be read-only within an Organization's directory, meaning users cannot be added or removed via the Atlassian User Interface or via the REST API.
This is achieved when using a product REST API endpoint used for group modification:
- Confluence Cloud - Add member to group: https://developer.atlassian.com/cloud/confluence/rest/v1/api-group-group/#api-wiki-rest-api-group-userbygroupid-post
- Jira Cloud - Add user to group: https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-groups/#api-rest-api-2-group-user-post
Steps to Reproduce
- Configure user provisioning with an identity provider
- Create a group within the identity provider that will be used to sync users to Atlassian
- Using either the Confluence or Jira REST API endpoints to add a user to groups, add an existing user on your site to a SCIM synced group.
Expected Results
User receives an error indicating the group is not modifiable, similar to the message below:
{ "errorMessages": [ "An error occurred: com.atlassian.idp.client.exceptions.BadRequestException: {\"schemas\":[\"urn:ietf:params:scim:api:messages:2.0:Error\"],\"status\":\"400\",\"detail\":\"Group not modifiable\",\"errorType\":\"InvalidSchema\",\"message\":\"Group not modifiable\"}" ], "errors": {} }
Actual Results
The user is added to the group.
Workaround
Currently there is no known workaround for this behavior.
[AX-82] It's possible to add users to SCIM locked groups via the REST API
Component/s | Original: Directory - Groups - Add / remove users [ 66395 ] | |
Component/s | New: Directory - Groups - Add / remove users [ 80139 ] | |
Key |
Original:
|
New:
|
Support reference count | Original: 2 | |
Symptom Severity | Original: Severity 2 - Major [ 14431 ] | New: Severity 3 - Minor [ 14432 ] |
Project | Original: Identity [ 16810 ] | New: Admin Experience [ 24210 ] |
Remote Link | New: This issue links to "Page (Confluence)" [ 1000592 ] |
Resolution | New: Fixed [ 1 ] | |
Status | Original: Waiting for Release [ 12075 ] | New: Closed [ 6 ] |
Status | Original: In Progress [ 3 ] | New: Waiting for Release [ 12075 ] |
Status | Original: Long Term Backlog [ 12073 ] | New: In Progress [ 3 ] |
Assignee | New: Alireza Asadi [ b3415ed2a66a ] |
Remote Link | Original: This issue links to "UAM-2620 (Jira)" [ 992045 ] | New: This issue links to "UAM-2620 (Hello Jira)" [ 992045 ] |
Support reference count | Original: 1 | New: 2 |
Remote Link | New: This issue links to "Page (Confluence)" [ 994209 ] |
Support reference count | New: 1 |