Hi Atlassian Community happy Wednesday, Our organization is looking to change the e-mail of an account belonging to another organization that has SAML SSO enabled. Our organization does not have SSO for Atlassian yet.I cannot change their e-mail from User Administration, and the user cannot change their e-mail, they get the following message:Log in with SAML enabledConnected accountYour account is connected to a SAML account. Changing the email address here will disconnect your account from the SAML account.Managed accountYour account uses single sign-on.Contact your identity provider administrator to change your email address.My goal is to change a user's email address so that they retain their historical ownership of Jira/Confluence content.Questions: What is the best way to approach this, if the other organization disconnects access to the account, does it disconnect the SAML and leave the account in Atlassian intact as "Deactivated" or does it delete the Atlassian account as well?Is there a way for the other organization in User Administration to disconnect a particular user from Atlassian SAML?Thanks very much,-Jake

Community
Q&A
Atlassian Guard
Questions
How do I change an account's e-mail that is connected to SAML SSO?

Access & Azure - Disable existing users

Hi,

We have enabled Access and implemented SSO with Azure. The "Scope" in Azure is set to "Sync only assigned users". Users are sync'ed correctly. I have a couple of questions:

1. The scope in Azure contains project groups that use Atlassian. Not all projects in the company have Atlassian products. How can we make it so a user gets deactivated in Atlassian when a it is removed from the groups in the scope? Basically he no longer is in the scope of the sync so provisioning will not try to process that user and change his status.

2. I have an active user in scope of the sync. If I deactivate that user in Atlassian Access (the user is still active in Azure) it will not get reactivated upon sync. Is this by design?

3. There are a lot of accounts since before the Access/Azure integration. The accounts are not in the scope of the provisioning. How can I de-activate them. Basically this question ties the first two. I want to deactivate all users not in the groups in the scope. I want them to get re-activated if they are added in the scope at some point.

Thanks!

2 answers

1 accepted

0 votes

Answer accepted

Atlassian support noted that, "this user would need to contact their Org admin, requesting them to either exclude their account from SSO, or update the email address"

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

0 votes

Hi @Jake Budin

As an administrator, you can change the email address from your Org admin hub. Just ensure that the domain is claimed in the Org where you want to implement the change of email. What you cannot do is change the email address of a user who's domain you've not claimed. So the first step here is ensure that the domain you're administering is already claimed in your Org before you could proceed to the next step.

Likewise, disconnecting or invalidating a domain claim, allows for another Org to claim and verify that domain. Atlassian access does not deactivates or deletes an account as a result of disconnecting a domain from your Org or removing the SAML.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Good day Prince,

The user is from another organization, the ability to change their e-mail address is greyed out from the Org admin hub. We cannot claim that domain because it is their domain.

The latter part of your comment is helpful, as you explain if a user is deprovisioned in SAML SSO, their Atlassian account is not deleted

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Unfortunately, you won't be able to do anything since you don't have ownership of that domain.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Access & Azure - Disable existing users

2 answers

1 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Atlassian Community Events