Open issues

Order by Priority
  1. Suggestion
    ACCESS-604Grant users synced from identity providers via SCIM application access by default
  2. Suggestion
    ACCESS-790Allow Group enrollment based on SAML attributes when using Just-In-Time provisioning
  3. Suggestion
    ACCESS-800Ability to rename groups after they've synced to the organization from an identity provider.
  4. Suggestion
    ACCESS-1227Allow Org admins to disable email notifications
  5. Suggestion
    ACCESS-1422Allow customers to configure IP allow list by country (geoblocking)
  6. Suggestion
    ACCESS-1510Ability to create Email Notifications for Group Membership changes from Audit Log
  7. Suggestion
    ACCESS-1559Ability to export groups from Atlassian Admin
  8. Suggestion
    ACCESS-1771Reduce the IP address range to be allowlisted based on customer location
  9. Suggestion
    ACCESS-2203Option to Export a List of Licensed Users from a Specific Site.
  10. Suggestion
    ACCESS-2338Provide feature to prevent page sharing with external users in Confluence
  11. Suggestion
    ACCESS-2339Improvement in Audit Logs for Jira Product Discovered
  12. Suggestion
    ACCESS-1952Allow Multiple External User Security Policies
  13. Suggestion
    ACCESS-2340Allow clear Time selection/General improvements to Audit Log Filtering
  14. Suggestion
    ACCESS-1213Sign SAML Requests
  15. Suggestion
    ACCESS-1009Ability to control site/organization access for accounts via user provisioning
  16. Suggestion
    ACCESS-1451Improvements to Idle Session Authentication Policy Options
  17. Suggestion
    ACCESS-1533Allow for org and site admin permissions to be assigned via groups (local or provisioned)
  18. Suggestion
    ACCESS-2308Disable the "Remove user" button on the Users page UI for SCIM synced users.
  19. Suggestion
    ACCESS-2335Support for OAuth2.0 authentication for SCIM IdP integration
  20. Suggestion
    ACCESS-2337Improve the User exports filter with options to filter managed and unmanaged accounts.
  21. Suggestion
    ACCESS-2099Allow customers to map group description on Entra
  22. Suggestion
    ACCESS-2325Ability to Reset user sessions in Authentication Policies via REST API
  23. Suggestion
    ACCESS-1911Allow admin to select Group and user type to be synced with Azure AD sync
  24. Suggestion
    ACCESS-2033Control product suggestion and request notifications
  25. Suggestion
    ACCESS-1198More controls over email notifications received by Organization Admins
  26. Suggestion
    ACCESS-1747Allow administrators to set managed users marketing email subscriptions
  27. Suggestion
    ACCESS-1540Provide Organization Admins with granular control over managed Bitbucket accounts
  28. Suggestion
    ACCESS-2334Export/Integrate Access logs with SIEM tool
  29. Suggestion
    ACCESS-592Logging out of Atlassian account does not log out of SAML provider
  30. Suggestion
    ACCESS-1023Allow the site-admin role to be assigned to a provisioned group
  31. Suggestion
    ACCESS-1481Removing the User from Atlassian Cloud App on IDP should unlink its SCIM ID
  32. Suggestion
    ACCESS-1946Provide a tool to identify ip and domain blockage in customer environment
  33. Suggestion
    ACCESS-1236Include Atlassian Access features in "Release Tracks" feature
  34. Suggestion
    ACCESS-822Support more synced attributes for SCIM User Provisioning
  35. Suggestion
    ACCESS-2332Summary: Add audit log entries for app additions (e.g., JSM trial) to existing sites
  36. Suggestion
    ACCESS-1040IP allow list: Allow specific policies to only apply to specific products/pages/Spaces/Projects
  37. Suggestion
    ACCESS-1048IP allowlist on organization administration (admin.atlassian.com)
  38. Suggestion
    ACCESS-1274Automatic account deletion base on time
  39. Suggestion
    ACCESS-1449Auto deactivate Atlassian Accounts based on inactivity
  40. Suggestion
    ACCESS-1526Allow non-enterprise customers to temporarily have multiple IDPs
  41. Suggestion
    ACCESS-1628Please include user-created activity for JSM Issues in the Organization Audit Log
  42. Suggestion
    ACCESS-1834Automatically move users from local policy to IDP linked policy once they are provisioned
  43. Suggestion
    ACCESS-2000Cannot unsuspend a SCIM provisioned account(if this account is previously suspended)
  44. Suggestion
    ACCESS-2097Improvement on Content Scanning to secure Sensitive data- Atlassian Guard Premium
  45. Suggestion
    ACCESS-814Implement user and group provisioning with Trello
  46. Suggestion
    ACCESS-979Allow managed account email addresses to be changed to a domain not verified at the organization
  47. Suggestion
    ACCESS-1021Provide ability to remove synced accounts and groups from the Directory through the UI
  48. Suggestion
    ACCESS-1497Allow the Atlassian Account email address to be mapped to an attribute via Azure AD sync
  49. Suggestion
    ACCESS-1548Retry on SERVFAIL/network error response from DNS Lookups & fallback to secondary DNS resolution
  50. Suggestion
    ACCESS-1609Allow automatically redirected to SSO provider when logging into a site
Refresh results
1 of 500
Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-604

Grant users synced from identity providers via SCIM application access by default

    • 806

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      When User Provisioning is enabled in the identity provider, created users through push group from the IdP are just added to the synced group in the Cloud site and not to the default application access group(s).

      This creates a problem when the Cloud instance has a lot of existing projects/spaces with access already granted to default app groups.

      Workarounds

      There are currently a few possible workarounds for admins:

      1. The admin(s) would need to manually grant synced IdP groups access to existing Jira projects / Confluence spaces OR manually add the users to the default app group on Atlassian side. Which is a time-consuming process if there are a lot of projects/spaces in the instance.
      2. RECOMMENDED: The admin(s) would need to configure the synced group from the IDP to grant product licenses and permissions with the same configuration as the default group (can be time-consuming depending on how many places the default group has been given access to).
      3. The admin(s) can configure the Approved Domain settings (see the Approved Domain support doc), to allow users with their email domain to get access to the necessary products as needed. These users will be put into the default product access groups.
      4. The out of the box default groups (such as jira-software-users-sitename) can be taken over by the IdP.
        1. Create a new group, e.g. default-jira-software-users-sitename, and make it the default group for your product.
        2. For the standard default group (e.g. jira-software-users-sitename), remove it as the default group for your product.
        3. Create a group in your IdP with the standard default group name (e.g. jira-software-users-sitename) and sync your users who need product access into this group.
        4. The group will be 'taken over' by your IdP, the users will sync from your IdP, but the project/space settings will be kept as is.

       

      In case additional support is required, please raise a ticket with Atlassian Support.

        1. Screenshot 2023-07-28 at 3.27.46 pm.png
          Screenshot 2023-07-28 at 3.27.46 pm.png
          127 kB

            SET Analytics Bot made changes -
            Support reference count Original: 805 New: 806
            SET Analytics Bot made changes -
            Support reference count Original: 804 New: 805
            SET Analytics Bot made changes -
            Support reference count Original: 805 New: 804
            SET Analytics Bot made changes -
            Support reference count Original: 804 New: 805
            SET Analytics Bot made changes -
            Support reference count Original: 802 New: 804
            SET Analytics Bot made changes -
            Support reference count Original: 801 New: 802
            SET Analytics Bot made changes -
            Support reference count Original: 800 New: 801
            SET Analytics Bot made changes -
            Support reference count Original: 799 New: 800
            SET Analytics Bot made changes -
            Support reference count Original: 797 New: 799
            SET Analytics Bot made changes -
            Support reference count Original: 796 New: 797

              e902c0832f88 Sudesh Peram
              vvisanakarrala Veera (Inactive)
              Votes:
              313 Vote for this issue
              Watchers:
              297 Start watching this issue

                Created:
                Updated: