We are also still experiencing this issue in our tenant. 

We are still experiencing this issue in our tenant. 

Hi everyone,

Thank you for reporting this issue.

I'm happy to announce that the fix has been rolled out for all non-release track customers. If you are on the release track and would like to get it on sooner please contact our support.

Cheers,
Vu

If you need any additional assistance, feel free to reach out to me. That's precisely what I specialize in. I work with Trinidad Wiseman, an Atlassian Platinum Partner, where we specialize in configuring, assisting with configurations, and analyzing all Atlassian products, among other services.

You can contact me at kevin.kadakas [at] twn.ee.

Hello Mark,

I believe this might be one of those bugs that could potentially take ages to be resolved, but I've managed to sort out this issue on my own.

If you're syncing users from Azure, I recommend creating a dynamic group for all users. It's just an Azure group, so it won't disrupt anything. You can find instructions online - try searching for something like "Azure AD all users dynamic group."

Once you've established this group, you can sync it from Azure to Atlassian Access and assign the "All Users" group JSM (Jira Service Management) customer rights. This way, every new user in Azure will be automatically included in the "All Users" group, which is synced to Jira. Since this group possesses customer rights, every user will consequently have automatic customer privileges.

It's important to note that this dynamic "All Users" group can be configured according to your preferences. You have the flexibility to add users based on user properties. For instance, if you wish to include all users within a particular department, you can set it up accordingly.

Is there any update on this issue?

We are still needing to manually enable the Jira Service Management - Customer option for all new users.

This is an extremely critical error for us! It's hindering our ability to serve over 6000 internal clients. Therefore, we urgently require a proper and timely workaround.

I have a few questions regarding potential solutions:

1. If I upgrade the server to the latest version and then perform the migration again, will it resolve the issue?

1. Alternatively, will it work if I start a Data Center trial, upgrade to the latest version, and then perform the migration?

1. Or should I reach out to Atlassian to request the deletion of my organization, and then start from scratch with one of the previous fixes (either upgrading the server or upgrading to Data Center and then to the latest version)?

I need to determine the most suitable approach to resolve this problem as quickly as possible.

I have managed accounts synced from Azure AD, and although they have no permissions to access Jira, they should still be able to create requests as internal customers. However, when these users try to send email requests to the service project in the cloud, they encounter the error "You don't have permission to access this service project," even though the project is open.

To reproduce the issue, you would need to (not tested but possible reproduction):

1. Start with a new cloud instance and sync users from Azure AD.
2. Have a Jira Core 8.14 and JSM 4.14 server (not Data Center) environment.
3. Sync users from Azure AD to the server.
4. Create an open Service Project.
5. Migrate from the server to the cloud using the latest Migration Assistant 1.9.7.
6. Try to send an email to the service project in the cloud using one of the synced users without any permissions to any projects.

Expected result:

Since the managed user from Azure AD has no permissions, they should be granted the Service Desk Customer permission, and the request should be created.

Actual results:
The email requests are failing with the error "You don't have permission to access this service project," despite the project being open.

Workaround (possible but not best practice obviously):
Since all users are synced from Azure AD, you can create a new group (e.g., "Jira") and add every user to that group. Then, in Atlassian Access, grant this new group the Customer rights. This way, every new user synced from Azure AD will have the JSM customer permission by default. This is a short-term workaround until this bug is fixed.