[JSDCLOUD-5387] Password reset feature has no effect on customer accounts on JIRA Service Desk

Type: Bug
Resolution: Won't Fix
Priority: Medium
Component/s: Accounts Integration (Signup, Invite Team, Login, Logout, Reset Password, Profile)
Labels:
- nav-reviewed

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Cloud bug fix policy

Summary

When trying to reset a customer password via the JIRA Service Desk Project > Customers tab, the JIRA Service Desk administrator is directed to User Management e.g. https://INSTANCE_NAME.atlassian.net/admin/users/view?username=CUSTOMER_EMAIL_ADDRESS.
Password reset email is sent, but the URL in the password reset link resets the customer's Atlassian ID password.
JIRA Service Desk customers do not authenticate using Atlassian ID.
The password reset feature has no effect on the JIRA Service Desk customer account - the password on a customer account(portal only) stays the same.

Environment

JSD 1000.1313.0

Steps to Reproduce.

Create new customer in JSD.
Customer accepts invitation sent via email.
Customer sets a "Display name" and password e.g. "Password123".
JIRA Service Desk admin resets customer password by hovering the mouse pointer over the customer account; More > Administer. The JIRA Service Desk Admin is directed to User Management(https://INSTANCE_NAME.atlassian.net/admin/users/view?username=CUSTOMER_EMAIL_ADDRESS).
Password email sent to customer.
If customer doesn't have an Atlassian ID, customer is prompted to sign up for an Atlassian ID. If the customer has an Atlassian ID, then the customer is prompted to reset the Atlassian ID password.
After the customer sets a new password.
Customer tries to log into the Service Desk Portal with new credentials - login fails.

Expected Results

Password is reset and access to the Service Desk Portal is granted.

Actual Results

Customer receives an error message: "Sorry, your email and password are incorrect - please try again."
Access is not granted.

Notes

Using the original password("Password123" in our example) that was set will allow the customer to log into the Service Desk Portal.
The password reset feature has no effect on the JIRA Service Desk customer account.

Workaround

Navigate to: https://INSTANCE_NAME.atlassian.net/admin/jira-service-desk/portal-only-customers/view?username=USERNAME (in most cases the email address is the username) and update the customer's password from there

Michael Ruflin added a comment - 24/May/2017 12:33 AM

The root problem here is that the original user edit link still works, but shows a broken experience. We are soon completing the Identity Platform migration, at which point the link will cease to work and that should clear up the confusion mentioned in this ticket

Michael Ruflin added a comment - 24/May/2017 12:33 AM The root problem here is that the original user edit link still works, but shows a broken experience. We are soon completing the Identity Platform migration, at which point the link will cease to work and that should clear up the confusion mentioned in this ticket

Michael Ruflin added a comment - 24/May/2017 12:31 AM - edited

This is the wrong link for portal only customers. The correct link to edit a portal only customer is https://INSTANCE_NAME.atlassian.net/admin/jira-service-desk/portal-only-customers/view?username=USERNAME (in most cases the email address is the username). That page allows to set a new password for customers. Please note that this type of user can only ever log in through INSTANCE_NAME.atlassian.net/servicedesk/customer/portal as going to INSTANCE_NAME.atlassian.net/ will redirect the user to the Atlassian Account login page which only allows Atlassian Account users to log in.

We are currently in the process of enabling Atlassian Account on all sites (step 1) as well as a new Identity platform (step 2). Once step 1 is complete, portal only customers need to be managed in a separate section in Site Administration: JIRA Service Desk > Portal only customers. Until step 2 is complete, the existing user link still partially works (as noticed in this issue, reset password does not!). I suspect the customer reached the page due to ~~JSDCLOUD-5322~~ as navigating in the site admin UI should never point a portal only customer to the old link.

As a side note: We do not recommend converting accounts, unless users actual need licenses. See https://confluence.atlassian.com/cloud/select-the-right-account-for-your-jira-service-desk-customers-873871210.html#SelecttherightaccountforyourJIRAServiceDeskcustomers-HowdoIknowwhichaccountisbestformycustomers? and https://confluence.atlassian.com/cloud/select-the-right-account-for-your-jira-service-desk-customers-873871210.html#SelecttherightaccountforyourJIRAServiceDeskcustomers-MysitetransitionedtoAtlassianaccounts.HowcanIgivelicensestocustomersIwanttocollaboratewithinJIRAorConfluence?

Michael Ruflin added a comment - 24/May/2017 12:31 AM - edited This is the wrong link for portal only customers. The correct link to edit a portal only customer is https:// INSTANCE_NAME .atlassian.net/admin/jira-service-desk/portal-only-customers/view?username=USERNAME (in most cases the email address is the username). That page allows to set a new password for customers. Please note that this type of user can only ever log in through INSTANCE_NAME.atlassian.net/servicedesk/customer/portal as going to INSTANCE_NAME.atlassian.net/ will redirect the user to the Atlassian Account login page which only allows Atlassian Account users to log in. We are currently in the process of enabling Atlassian Account on all sites (step 1) as well as a new Identity platform (step 2). Once step 1 is complete, portal only customers need to be managed in a separate section in Site Administration: JIRA Service Desk > Portal only customers. Until step 2 is complete, the existing user link still partially works (as noticed in this issue, reset password does not!). I suspect the customer reached the page due to JSDCLOUD-5322 as navigating in the site admin UI should never point a portal only customer to the old link. As a side note: We do not recommend converting accounts, unless users actual need licenses. See https://confluence.atlassian.com/cloud/select-the-right-account-for-your-jira-service-desk-customers-873871210.html#SelecttherightaccountforyourJIRAServiceDeskcustomers-HowdoIknowwhichaccountisbestformycustomers? and https://confluence.atlassian.com/cloud/select-the-right-account-for-your-jira-service-desk-customers-873871210.html#SelecttherightaccountforyourJIRAServiceDeskcustomers-MysitetransitionedtoAtlassianaccounts.HowcanIgivelicensestocustomersIwanttocollaboratewithinJIRAorConfluence?

Details

Description

Summary

Environment

Steps to Reproduce.

Expected Results

Actual Results

Notes

Workaround

Attachments

Forms

Activity

Collapse comment: Michael Ruflin added a comment - 24/May/2017 12:33 AM

Expand comment: Michael Ruflin added a comment - 24/May/2017 12:33 AM

Collapse comment: Michael Ruflin added a comment - 24/May/2017 12:31 AM, Edited by Michael Ruflin - 24/May/2017 12:49 AM

Expand comment: Michael Ruflin added a comment - 24/May/2017 12:31 AM, Edited by Michael Ruflin - 24/May/2017 12:49 AM

People

Dates