Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
Level
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

User Management Azure AD

Hi guys, hope you are doing great.

we've been using Atlassian products without SSO, and now we are in the process of setting up SSO. I created a Dev environment, to setup up SSO, and it's working as expected.

When the user tries to log in from the console, he gets redirected to the IdP to authenticate himself before he can log in.

but I'm not sure how to handle users we invited with their personal email.

since they are not managed users, the authentication policy Enforce single sign-on does not apply to them.

I don't know if you have an idea on what would be the best why to approach this situation.

the objective would be to invite the user into our azure active directory before he can access the platform. 

I think my overall question is, how should I handle current invited users. because when those users try to log in, they don't get redirected to the Identity provider. 

 

Thank you!

 

1 answer

0 votes

Hello @Charly Kevin Djouontu,

Welcome to Atlassian Community!

When using SSO on a Cloud site, the policies and the ability to login with the identity provider will be applied only to the accounts from the verified domains.

If you invite users from a different domain or from a domain you can’t verify as Gmail.com, Outlook.com, for example, they will need to log in with email and password or the “Continue with Google/Microsoft”.

The only option for them to have a more secure login is by using Two-Step verification that can be enabled by them on https://id.atlassian.com/manage-profile/security/two-step-verification.

If there is anything else we can do to help, please let us know.

Kind regards,
Angélica

Dave Meyer Atlassian Team Mar 20, 2021

If you've already created accounts in Azure AD for the users that have been invited with their personal email, the easiest way to solve the problem is to have each user change their Atlassian account email address to their company email (https://support.atlassian.com/atlassian-account/docs/manage-your-personal-profile/)

This will maintain all the associations between your existing data and the users' accounts. Assume the new email matches what's in Azure AD, they will be automatically redirected to log in via SSO next time they log in.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
Community showcase
Published in Atlassian Access

We're launching improved navigation for admins

Hi Atlassian Community, My name is Avni Barman and I am a Product Manager on the Atlassian Access team! One of my top priorities is to help make the administrator's life easier through improved pro...

1,024 views 1 11
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you