It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Azure AD - failback to normal accounts?

RMA I'm New Here Jul 14, 2020

We are looking at implementing SSO via Atlassian Access -> Azure AD SAML for all the users.

We are currently using Jira Core / Jira Software and Trello.

The one question raised is what happens if the SSO link goes down, can we resort to non SSO authentication?

Doing a test, it appears to automatically redirect you to the SSO without having an option of doing the non SSO method?

Any help is appreciated.

 

 

1 answer

1 accepted

0 votes
Answer accepted
Dave Meyer Atlassian Team Jul 14, 2020

Hi @RMA ,

A couple points I would make in response to your question:

  1. Once a user has logged in, they will have a session cookie, so in the case of an SSO outage most users would be unaffected.
  2. We consider login and authentication (including SSO) our most critical service after our infrastructure itself, so we strive for extremely high availability. Here's the incident history for Atlassian Access so you can see for yourself: https://access.status.atlassian.com/history
  3. In the case that SSO were to be unavailable for an extended period of time (either because of an error on the Atlassian side or an outage in Azure AD, which is hopefully just as reliable), then yes, you can disable SSO for all users. If you do, login will revert to a standard email address + password. For users that have only ever logged in through SSO, they would need to go through the Reset Password flow to set a local Atlassian password.

Hope this helps.

Dave

RMA I'm New Here Jul 14, 2020

Thanks Dave,

On point 3, would we need an account that is not SSO enabled to be able to log in?

So it should not be part of our normal domain? Like a personal email address?

This is if the session cookie expires and somehow the connection between the Azure AD and Atlassian Access fails.

 

Thank you!

Dave Meyer Atlassian Team Jul 15, 2020

@RMA yes, we recommend this as a precaution. Usually not because we are worried about the SAML connection failing, but we do see people make mistakes during the initial SAML configuration setup and end up locked out. So it's a good idea no matter what :) 

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Atlassian Access

We're launching improved navigation for admins

Hi Atlassian Community, My name is Avni Barman and I am a Product Manager on the Atlassian Access team! One of my top priorities is to help make the administrator's life easier through improved pro...

420 views 0 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you