
Google SSO and password access

I'm gradually moving our Atlassian users to Google SSO.  So when they click on the Atlassian login URL, they have the option of clicking to use their Google account.  That's great.

 

But can I also block them from using their old Atlassian account's password?  I want them to only be able to get into Atlassian from their Google account.  That way, by suspending or deleting their Google account (departing user), they would not be able to access their Atlassian account either.

 

Thanks

2 answers

1 accepted

0 votes
Answer accepted
Daniel Eads Atlassian Team Jul 09, 2019

Hey Jeff, welcome to the Community!

Glad to hear you're getting configured with SSO. According to our documentation, users who are managed via G Suite will be directed to a G Suite login after they enter their email address on the login page and click Continue.


I think this addresses your need as users managed through G Suite don't get the opportunity to use a password with Atlassian ID. Disabling the account in G Suite will disable the account in Atlassian ID as well (during the next sync, and assuming the account is still in a synced group).

Cheers,
Daniel

Yes it does.

 

Thank you!

0 votes

Hi @Jeff Mooallem ,

What you are asking for is exactly what was tracked in the below Feature Request:

 

As you can see, the above ticket is marked as resolved and you can find all the details in the panel added to the top of the ticket description.

 

Also, as written in the Deactivate or delete managed accounts documentation page:

  • If an organization admin deactivates a user’s account, the user’s personal data will remain in Atlassian account services, and the admin can reactivate their account at any time.

  • If an organization admin deletes a user’s account, we’ll delete the user’s personal data from Atlassian account services, and no one will be able to reactivate their account.

An organization admin can delete a previously deactivated account if they decide to later.

 

Let me know if you have further questions on this topic.

 

Cheers,
Dario

Hi Dario


If I correctly understand this process in the documentation and enable it from the G-Suite SAML setup for Atlassian, we must subscribe to Atlassian Access in order to have G-Suite manage Atlassian access.  We do not subscribe to Access at this time so that means we cannot implement this.  Is that correct?

On the other hand, when I turned on G-Suite user sync in Atlassian User Management (and not use G-Suite SAML), that seems to work but they still have the Atlassian password available and can bypass Google 2FA.

In other words, I see two places to set up SSO: G-Suite user sync from Atlassian User Management, and SAML for Atlassian from G-Suite Admin.  The first works but still allows the user to log in with the Atlassian password, and the second requires Atlassian Access.

Thanks for any advice on this.

Jeff

Dario B Atlassian Team Jul 12, 2019

Hi @Jeff Mooallem ,

In order to clarify, the behavior you are describing in the below sentence should not be possible:

"when I turned on G-Suite user sync in Atlassian User Management (and not use G-Suite SAML), that seems to work but they still have the Atlassian password available and can bypass Google 2FA."

 

As already written by @Daniel Eads , if you have Google Sync configured in your Jira instance (with or without Atlassian Access) then all the users belonging to your Google domain will always be redirected to log in using Google. Only the other users, the ones not belonging to the configured Google domain (if any), will be able to log in using their Atlassian Account password.

Can you kindly double check this?

If you are experiencing a different behavior,  please let us know and we can open a support request on your behalf to have this issue further investigated. You can also open the support request yourself by going to: https://support.atlassian.com/contact

 

Cheers,
Dario
