Hi,
We are exploring Atlassian Access for user and SSO provisioning to Jira Service Desk Cloud.
We have a mobile app where our users log in using a unique Agent Code and password that is authenticated to AD. However, these users may share the same email address. What we want is that once the user is authenticated by AD, they can access the JSD Customer Portal (web view embedded in the mobile app) without further login.
If we want to use Atlassian Access for user and SSO provisioning with the condition specified above, is that possible? What will be the pros and cons?
I have read the following article, that might be a conflict if the AD is not configured properly.
I guess that if we configure Agent Code as internal id for the users that will not change then our scenario is possible even though these users may share same email id. However, that's only my guess.
I am open to any suggestion from experts and more experienced folks.
Thank you!
Hi Priska,
Thanks for using Atlassian Community.
To start off, Atlassian Access, which provides the SSO solution in Atlassian cloud, is done via SAML. Unfortunately, it's not possible to directly use the session token generated by a third-party AD to access a Jira Service Desk portal in cloud.
With Atlassian Access, the SSO login flow is always via our centralized identity service in https://id.atlassian.com. Our ID service will communicate with your AD via SAML during the end user's authentication. On a successful authentication, the browser session token is generated for Atlassian cloud and that will be used when accessing the service in Atlassian cloud (i.e. Jira Service Desk cloud portal).
The solution also requires the following:
The mapping on the KB Page you mentioned refers to how the Atlassian Account is connected to the account on AD side via SAML. Technically, you can have an Atlassian Account under a shared email address under your domain and you can enforce the SSO to that with your AD. On Atlassian side though, the end users' identity will be lost under one shared Atlassian Account, so I would not recommend it.
On the other hand, Atlassian Access SSO is free to use for unlicensed domain users which makes it free for service desk portal customers.
May I ask what is your identity service provider and does it support SAML?
Regards,
Ramon
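The identity-collapse risk described in the answer above can be measured before any SSO rollout. This is an added example, not part of the original thread and not Atlassian code: it audits a directory export for Agent Codes that share an email address. The CSV column names, the sample rows, and case-insensitive email matching are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample directory export (not real data): agent_code,email
SAMPLE_EXPORT = """agent_code,email
A1001,branch.north@example.com
A1002,Branch.North@example.com
A1003,maria@example.com
A1004, branch.south@example.com
A1005,branch.south@example.com
A1006,
"""

def normalize_email(raw):
    """Trim and lowercase; assumes the account match is case-insensitive."""
    return raw.strip().lower()

def audit_shared_emails(export_text):
    """Return (collisions, missing): emails used by more than one agent
    code, and agent codes that have no email at all."""
    by_email = defaultdict(list)
    missing = []
    for row in csv.DictReader(io.StringIO(export_text)):
        code = row["agent_code"].strip()
        email = normalize_email(row["email"] or "")
        if not email:
            missing.append(code)
            continue
        by_email[email].append(code)
    collisions = {e: sorted(c) for e, c in by_email.items() if len(c) > 1}
    return collisions, missing

def identities_lost(collisions):
    """Count agents who would not get an account of their own."""
    return sum(len(codes) - 1 for codes in collisions.values())

if __name__ == "__main__":
    collisions, missing = audit_shared_emails(SAMPLE_EXPORT)
    for email, codes in sorted(collisions.items()):
        print(f"{email}: shared by {', '.join(codes)}")
    print(f"agents without their own account: {identities_lost(collisions)}")
    print(f"agents with no email: {', '.join(missing) or 'none'}")
```

Every agent counted by `identities_lost` would act under someone else's account, so portal requests and audit entries could not be attributed to an individual.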