Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Azure AD - failback to normal accounts?

We are looking at implementing SSO via Atlassian Access -> Azure AD SAML for all the users.

We are currently using Jira Core / Jira Software and Trello.

The one question raised is what happens if the SSO link goes down, can we resort to non SSO authentication?

Doing a test, it appears to automatically redirect you to the SSO without having an option of doing the non SSO method?

Any help is appreciated.

 

 

1 answer

1 accepted

0 votes
Answer accepted
Dave Meyer Atlassian Team Jul 14, 2020

Hi @RMA ,

A couple points I would make in response to your question:

  1. Once a user has logged in, they will have a session cookie, so in the case of an SSO outage most users would be unaffected.
  2. We consider login and authentication (including SSO) our most critical service after our infrastructure itself, so we strive for extremely high availability. Here's the incident history for Atlassian Access so you can see for yourself: https://access.status.atlassian.com/history
  3. In the case that SSO were to be unavailable for an extended period of time (either because of an error on the Atlassian side or an outage in Azure AD, which is hopefully just as reliable), then yes, you can disable SSO for all users. If you do, login will revert to a standard email address + password. For users that have only ever logged in through SSO, they would need to go through the Reset Password flow to set a local Atlassian password.

Hope this helps.

Dave

Thanks Dave,

On point 3, would we need an account that is not SSO enabled to be able to log in?

So it should not be part of our normal domain? Like a personal email address?

This is if the session cookie expires and somehow the connection between the Azure AD and Atlassian Access fails.

 

Thank you!

Dave Meyer Atlassian Team Jul 15, 2020

@RMA yes, we recommend this as a precaution. Usually not because we are worried about the SAML connection failing, but we do see people make mistakes during the initial SAML configuration setup and end up locked out. So it's a good idea no matter what :) 

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Atlassian Access

What's new in Atlassian Access - Webinar

Based on your valuable feedback, we have released several new features to help you gain administrative flexibility with authentication policies, visibility into shadow IT with automatic product disco...

98 views 2 3
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you