Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Azure AD - failback to normal accounts?

RMA
RMA July 14, 2020

We are looking at implementing SSO via Atlassian Access -> Azure AD SAML for all the users.

We are currently using Jira Core / Jira Software and Trello.

The one question raised is what happens if the SSO link goes down, can we resort to non SSO authentication?

Doing a test, it appears to automatically redirect you to the SSO without having an option of doing the non SSO method?

Any help is appreciated.

 

 

Answer
Watch
Like Be the first to like this
693 views

1 answer

1 accepted

0 votes
Answer accepted
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 14, 2020

Hi @RMA ,

A couple points I would make in response to your question:

  1. Once a user has logged in, they will have a session cookie, so in the case of an SSO outage most users would be unaffected.
  2. We consider login and authentication (including SSO) our most critical service after our infrastructure itself, so we strive for extremely high availability. Here's the incident history for Atlassian Access so you can see for yourself: https://access.status.atlassian.com/history
  3. In the case that SSO were to be unavailable for an extended period of time (either because of an error on the Atlassian side or an outage in Azure AD, which is hopefully just as reliable), then yes, you can disable SSO for all users. If you do, login will revert to a standard email address + password. For users that have only ever logged in through SSO, they would need to go through the Reset Password flow to set a local Atlassian password.

Hope this helps.

Dave

View More Comments
RMA
RMA July 14, 2020

Thanks Dave,

On point 3, would we need an account that is not SSO enabled to be able to log in?

So it should not be part of our normal domain? Like a personal email address?

This is if the session cookie expires and somehow the connection between the Azure AD and Atlassian Access fails.

 

Thank you!

Like
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 15, 2020

@RMA yes, we recommend this as a precaution. Usually not because we are worried about the SAML connection failing, but we do see people make mistakes during the initial SAML configuration setup and end up locked out. So it's a good idea no matter what :) 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

    See all events