Fix SSO Configuration

We are having the exact same issue is our just rolled out JSM Cloud project.  In our existing JSD (server) install using the Crowd connector - users can login and auth using their UPN and still have an 'email' value set to their SMTP email address and the net result is they login as desired, AND they can create and reply to requests via email. No issues.

That does not work in Atalassian Cloud.  Using the Azure > Atlassian Access with SSO enforced only works if their 'email' value is mapped to UPN@domain  (which is what works with their MS 2FA and is a valid email to receive emails an an alias SMTP as well) -- BUT, their Azure AD primary SMTP email (and hence the value stored as 'email' in AD) and used to send emails is in fact "firstname.lastname@domain" and therefore users cannot comment on tickets via, create tickets via email etc.  Their Atlassian account sees their email as UPN@domain -- and any emails from their actual SMTP address gets treated as a seperate user -- and therefore we have to deny signups or new account creation via email or all heck breaks loose with dip accounts being created.

Other companies have surely had to address this using JSM Cloud? I have not located a good solution yet so would appreciate any ideas.  Simply having the ability to map a "other email" value Azure > Atlassian Cloud that is their SMTP email account -- via sync -- and have JSM treat any incoming emails from it as associated with the correct ID -- would be ideal.

Hi @Alexander Hammond 

Are you not populating the user's email address at all from Atlassian Access?

Assuming it's not feasible to block creation of Issues via email - I'd recommend:

• Create a new Atlassian Access, and Jira instance separate to your main instance
• Implement it with Azure AD, and test making changes with a small set of users

I'd recommend this because even if we do provide you advice - realistically, I wouldn't risk doing it in Production until you've thoroughly tested it.

Ste