Are you in the loop? Keep up with the latest by making sure you're subscribed to Community Announcements. Just click Watch and select Articles.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Can I enable automatic approval of new users, but only give them site only access?

Chris Christensen
Chris Christensen Jan 28, 2021

I am looking for a way to get internal customers onboarded into our service desk while accessing it via Okta. I've got the Okta piece in place and functioning and Site Access settings I have it set to approve our email domain. On the product access side, I have all Atlassian products turned off for new users in the hopes that a new user onboarding themselves can just be added with site access so that they can immediately access the service desk portal.

I did find that if I give access to a single product inside of product settings for new users then an approval request is not required. My issue with this is that internal customers are not going to land on the service desk portal page, but the page for the product they've been licensed for and I still have to come back around and clean up the license.

Is there a way around this limitation? It would be extremely helpful in getting internal customers into the portal vs just sending requests to the service desk via email. If there's another way I should be loading customers into the service desk portal please let me know.

 

Thanks in advance.

Answer
Watch
Like Be the first to like this
369 views

1 answer

0 votes
Ed Letifov _TechTime - New Zealand_
Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Jan 29, 2021

Hello, Chris.

By default with Jira Service Desk in Cloud the opposite is the norm - customers in Service Desk are authenticated completely separately from Atlassian ID/Atlassian Access/SAML (your connection OKTA) with password-based credentials and if your customer happens to have an Atlassian ID (e.g. in your organisation) you need to explicitly (and manually!) migrate their JSD record to an Atlassian account in https://admin.atlassian.com/s/<your org id>/jira-service-desk/portal-only-customers

As such, I believe what you are after is not currently possible without some programmatic way via JSD API (https://developer.atlassian.com/cloud/jira/service-desk/rest/api-group-customer/#api-rest-servicedeskapi-customer-post).

Some customers have configured a public Service Desk project, available anonymously for the sole purpose of raising a request (thus creating a customer record) to trigger some further automation.

There is a user created webhook in Jira, and based on relatively recent comment in https://jira.atlassian.com/browse/JRACLOUD-74959 it should fire, though it's not clear to me if the user must be given access to Jira product in this case.

Since you mention OKTA, you must be using Access, so theoretically you can poll your organisation's users regularly too via Access API (https://developer.atlassian.com/cloud/admin/organization/rest/api-group-orgs/#api-orgs-orgid-users-get) but that needs Access token that expires every 7 days, which hardly makes it automatic.

Consider all of the above as "thoughts out loud", some originally in the context of Cloud roadmap for our UserManagement product (currently available only on Server and DC). I am happy to be proven wrong and would welcome anyone to point a better way?

Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events

See all events