Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,639,037
Community Members
 
Community Events
196
Community Groups

Google SSO and password access

Jeff Mooallem
Jeff Mooallem Jul 08, 2019

I'm gradually moving our Atlassian users to Google SSO.  So when they click on the Atlassian login URL, they have the option of clicking to use their Google account.  That's great.

 

But can I also block them from using their old Atlassian account's password?  I want them to only be able to get into Atlassian from their Google account.  That way, by suspending or deleting their Google account (departing user), they would not be able to access their Atlassian account either.

 

Thanks

Answer
Watch
Like Be the first to like this
1559 views

2 answers

1 accepted

0 votes
Answer accepted
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jul 09, 2019

Hey Jeff, welcome to the Community!

Glad to hear you're getting configured with SSO. According to our documentation, users who are managed via G Suite will be directed to a G Suite login after they enter their email address on the login page and click Continue.

Log_in_to_continue_-_Log_in_with_Atlassian_account.png

I think this addresses your need as users managed through G Suite don't get the opportunity to use a password with Atlassian ID. Disabling the account in G Suite will disable the account in Atlassian ID as well (during the next sync, and assuming the account is still in a synced group).

Cheers,
Daniel

View More Comments
Jeff Mooallem
Jeff Mooallem Jul 23, 2019

Yes it does.

 

Thank you!

Like
Reply
0 votes
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jul 11, 2019 • edited

Hi @Jeff Mooallem ,

What you are asking for is exactly what was tracked in the below Feature Request:

 

As you can see, the above ticket is marked as resolved and you can find all the details in the panel added to the top of the ticket description.

 

Also, as written in the Deactivate or delete managed accounts documentation page:

  • If an organization admin deactivates a user’s account, the user’s personal data will remain in Atlassian account services, and the admin can reactivate their account at any time.

  • If an organization admin deletes a user’s account, we’ll delete the user’s personal data from Atlassian account services, and no one will be able to reactivate their account.

An organization admin can delete a previously deactivated account if they decide to later.

 

Let me know if you have further questions on this topic.

 

Cheers,
Dario

View More Comments
Jeff Mooallem
Jeff Mooallem Jul 11, 2019

Hi Dario


If I correctly understand this process in the documentation and enable it from the G-Suite SAML setup for Atlassian, we must subscribe to Atlassian Access in order to have G-Suite manage Atlassian access.  We do not subscribe to Access at this time so that means we cannot implement this.  Is that correct?

On the other hand, when I turned on G-Suite user sync in Atlassian User Management (and not use G-Suite SAML), that seems to work but they still have the Atlassian password available and can bypass Google 2FA.

In other words, I see two places to set up SSO: G-Suite user sync from Atlassian User Management, and SAML for Atlassian from G-Suite Admin.  The first works but still allows the user to login with the Atlassian password, and the second requires Atlassian Access.

Thanks for any advice on this.

Jeff

Like
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jul 12, 2019

Hi @Jeff Mooallem ,

In order to clarify, the behavior you are describing in below sentence should not be possible:

when I turned on G-Suite user sync in Atlassian User Management (and not use G-Suite SAML), that seems to work but they still have the Atlassian password available and can bypass Google 2FA.

 

As already written by @Daniel Eads , if you have Google Sync configured in your Jira instance (with or without Atlassian Access) then all the users belonging to you Google domain will always be redirected to log-in using Google. Only the other users, the one not belonging to the configured Google domain (if any), will be able to log-in using their Atlassian Account password.

Can you kindly double check this?

If you are experiencing a different behavior,  please let us know and we can open a support request on your behalf to have this issue further investigated. You can also open the support request yourself by going to: https://support.atlassian.com/contact

 

Cheers,
Dario

Like
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

See all events