Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Can I change default access groups to synced groups?

Edited

Since migrating to SSO new users are no longer added to our jira-users and confluence-users groups. Instead, users are added to groups synced from our idp.  We have replicated global permissions, jira permission schemes and space permissions and added the groups to product access but it is not possible to switch default access groups from the product permissions admin page. The option is not available and the tooltip says: "this is a read only group and cannot be set as default" so I have two questions:

1. Is it possible to change default access groups to a synced group and if so how?

2. Given that permissions and access is aligned with the default access groups, what difference does it make to change default access group? (bearing in mind that new users aren't automatically added to the group by our idp)

5 answers

FYI:  We never did get an answer to this question. 

Here's what we did:

First, we gave the appropriate managed groups product access

Then we added the new managed groups to space defaults (confluence) and permission schemes where jira-users had been used (for Jira) - leaving the jira-users and confluence-users in place in the short term.

After that, we stopped adding people to jira-users and confluence-users.  We have a slow trickle of calls for people who couldn't get access. In every case - this meant a specific project or space hadn't been updated so we fixed the space in question.

We never got hit with too many calls and over time the calls stopped with the new groups being key and the jira-users and confluence-users being legacy.

A few gotchas:

* Personal spaces - we fixed up team space permissions reasonably quickly, but personal spaces were not accessible by default for the admin group.

* JIra group permissions - this needs to be done on a project by project basis. It's OK to update permission schemes, but project roles are often granted to groups such as jira-users

* service accounts - for our IDP we only had human accounts to service accounts are not managed and still still in jira-users and confluence-users.  if you want to clean out these groups, be careful.  Also, the groups remain default.

 

I'm sure there is a better solution, but having migrated over and with no obvious alternative, this worked out OK for us in the end. It meant no big-bang transition and a very slow move to the new process, but all our users are now automatically synced and we have very little account management to worry about

We are having the same issue. Users are being auto-provisioned, but then we are still having to go in and assign them to the `jira-software-users` group (even though it is set as the default access group). Has anyone found a solution?

Did anyone ever solve this? I'm having this issue two years later...

Additionally, the text on the right reads: "When a user is granted access to a product, they will be added to the products default access group."

 

This makes it sound like that when a user is synced down from the IDP, Atlassian is supposed to add them automatically to jira-users and confluence-users. But this is also not happening for us. 

I also wondered about this.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Atlassian Access

See Atlassian Access in action - Live Demo

Did you know Atlassian Access offers more than SAML single sign-on for Atlassian cloud products, like Jira and Confluence? Whether you're just starting to plan for your organization or in the pr...

117 views 0 3
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you