Hi guys
A user in our organization changed name and with that changed the email in our Identity Provider, which generated a new email address that was updated in Azure but not synced to Atlassian Access.
After this the user lost access to Jira and Confluence, since the previous email no longer existed for SSO, and could not log in with the new email, because it was not registered in Atlassian Access.
The user requested the registration of the new email in Atlassian Access, but still has no access.
Now we have 2 users for the same person, neither able to log in to Atlassian Access.
How can we solve this sync issue, updating user data in Atlassian Access and granting the needed groups for application access?
Hello, @Sérgio Nogueira
You should really check the attributes mapping in your Atlassian Cloud application responsible for User Provisioning.
The default values that you get out-of-the-box are not entirely correct. Specifically, the matching must be done by objectId, not email or userPrincipalName – as these, same as first and last names, can easily change.
Now that you have two user records for the same user with different emails, you may indeed have to rename the email on one of them – I suspect the new one, so the automatic update can come through on the old record.
Hi guys,
This got solved after Atlassian support intervention; otherwise I would have to wait for the user deletion in Atlassian so that the new user would be synced.
Thanks
Hi Sergio,
We sometimes face similar problems with our SCIM-based provisioning of users in our Atlassian organization. Synchronization between your directory (Azure AD) and the Atlassian organization itself can take some time. If the user is disabled or deleted with his old mail address and then registers himself instead of being provisioned, then his mail address is already "taken", so the changes in your directory cannot be propagated.
The best solution is to contact Atlassian support - they can usually link the directory user and the newly created one.
My workaround is: I rename the self-registered user and change his email to something like name.defunct@myorganization.com. As the user is in my organization I can do that. You must change to a non-existing email within your organization. Then I deactivate the user and delete it (deletion is not effective immediately, so only deleting is no option). The sync between your Atlassian organization and your directory should then work for your user again. It's very important that the user himself does not log in / register with his email in the meantime.
HTH
Kurt
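The two answers above (match on objectId rather than email, and the "taken" address after self-registration) can be reproduced with a toy model. This is an added example, not code from any poster, Atlassian or Azure; the `Target` class, the `external_id` field (standing in for the immutable objectId) and all sample values are hypothetical.

```python
class EmailTaken(Exception):
    """Raised when another account already holds the address."""

class Target:
    """Toy sync target (hypothetical): one account per email address."""
    def __init__(self):
        self.accounts = []  # each: {"external_id", "email", "groups"}

    def find(self, key, value):
        return next((a for a in self.accounts if a[key] == value), None)

    def self_register(self, email):
        if self.find("email", email):
            raise EmailTaken(email)
        self.accounts.append({"external_id": None, "email": email, "groups": set()})

    def sync(self, user, match_on):
        """Upsert a directory user, matching on 'email' or 'external_id'."""
        account = self.find(match_on, user[match_on])
        holder = self.find("email", user["email"])
        if holder is not None and holder is not account:
            raise EmailTaken(user["email"])  # address held by a different record
        if account is None:  # no match: a brand-new record without groups
            account = {"external_id": None, "email": None, "groups": set()}
            self.accounts.append(account)
        account.update(external_id=user["external_id"], email=user["email"])
        return account

def rename_scenario(match_on, self_registers=False, workaround=False):
    """Provision a user, rename them in the directory, then sync again."""
    target = Target()
    user = {"external_id": "obj-0001", "email": "old.name@example.com"}  # constructed
    target.sync(user, match_on)["groups"].add("jira-users")
    user["email"] = "new.name@example.com"  # directory-side rename
    if self_registers:  # user signs up with the new address before the sync runs
        target.self_register(user["email"])
        if workaround:  # admin moves the stray record to an unused address
            stray = target.find("email", user["email"])
            stray["email"] = "new.name.defunct@example.com"
    try:
        account = target.sync(user, match_on)
    except EmailTaken:
        return "blocked", len(target.accounts)
    kept = "jira-users" in account["groups"]
    return ("updated" if kept else "duplicate"), len(target.accounts)
```

Matching on the immutable ID updates the existing record and keeps its groups; matching on email leaves a second, group-less record; a self-registered account on the new address blocks the update until that address is freed.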