You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
Ok here is the scenario. I want to set up SAML SSO with our Gsuite domain so that Jira service desk users do not need to log in (after logging into their google account). We have a trial version of Jira Service desk as well as a trial version of Atlassian Access. Initially I turned on managed accounts through the GSuite Admin setting using my admin account to verify the domain. Big mistake once the user sync completed all users get an confusing email telling them their account is now managed etc. What I want is SAML SSO to start without sending messages to all users. After reading the documentation it seemed that in order to enable SSO I first needed to disable the managed accounts Gsuite connection which I did (resulting in another mass email to all users). After this step the GSuite doamin is no longer verified. I have now sucessfully verified the GSuite domain but I am not getting the option to configure SSO under the Organization - Security - SAML Single Sign On link in the Admin interface. Although the domain shows as verified I am not getting the SAML config options.
Can someone assist me getting SAML set up and then managing the accounts from the GSuite side without sending out emails to everybody without any warning?
Update: Here is the question. Do I need to claim all the accounts from my verified GSuite domain in order to enable SAML SSO? I would like to avoid sending another email to everyone but I will if that is the only way to enable SSO betweent the GSuite domain and Atlassian Access.
Thanks in advance,
Hi @Elijah Lapson , check out this answer more details: https://community.atlassian.com/t5/Atlassian-Cloud-Migration/Re-Implications-of-connecting-GSuite-domain-to-Atlassian/qaq-p/1315007/comment-id/106#M106
Yes, you do need to claim the accounts before SSO can be enforced, and unfortunately this does trigger another email to users. This is because until the accounts have been claimed they are not "managed". Once you claim the accounts, they are managed by your organization and this changes what control you have over them, and we're required to notify users of the change to our terms.
Hope this helps,