
User email changes in Azure not synced to Atlassian Access

Sérgio Nogueira April 4, 2023

Hi guys

A user in our organization changed their name and with that changed the email in our Identity Provider. That generated a new email address, which was updated in Azure but not synced to Atlassian Access.
After this the user lost access to Jira and Confluence, since the previous email no longer existed for SSO, and could not log in with the new email because it was not registered in Atlassian Access.
The user requested the registration of the new email in Atlassian Access, but still has no access.
Now we have 2 users for the same person who are not able to log in to Atlassian Access.


How can we solve this sync issue, updating user data in Atlassian Access and granting the needed groups for application access?

3 answers

3 accepted

3 votes
Answer accepted
Ed Letifov _TechTime - New Zealand_
Rising Star
April 5, 2023

Hello, @Sérgio Nogueira 

You should really check the attributes mapping in your Atlassian Cloud application responsible for User Provisioning.

The default values that you get out-of-the-box are not entirely correct. Specifically, the matching must be done by objectId, not email or userPrincipalName – as these, same as first and last names, can easily change.

Now that you have two user records for the same user with different emails, you may indeed have to rename the email on one of them – I suspect the new one, so the automatic update can come through on the old record.

1 vote
Answer accepted
Sérgio Nogueira June 1, 2023

Hi guys,

This got solved after Atlassian support intervention; otherwise I would have had to wait for the user deletion in Atlassian so that the new user would be synced.

Thanks

1 vote
Answer accepted
Kurt Rosivatz April 5, 2023

Hi Sergio,

We sometimes face similar problems with our SCIM-based provisioning of users in our Atlassian organization. Synchronization between your directory (Azure AD) and the Atlassian organization itself can take some time. If the user is disabled or deleted with his old mail address and then registers himself instead of being provisioned, then his mail address is already "taken", so the changes in your directory cannot be propagated.

Best solution is to contact Atlassian support - they can usually link the directory user and the newly created one.

My workaround is: I rename the self-registered user and change his email to something like name.defunct@myorganization.com. As the user is in my organization I can do that. You must change to a non-existing email within your organization. Then I deactivate the user and delete it (deletion is not effective immediately, so only deleting is no option). The sync between your Atlassian organization and your directory should then work for your user again. It's very important that the user himself does not log in / register with his email in the meantime.

HTH

Kurt
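
The matching behaviour discussed in the answers above, as an added example that is not part of the original thread and is not Atlassian's or Azure AD's code: a constructed in-memory model of a provisioning target, showing a rename under email matching, under objectId matching, and when the new address is already "taken" by a self-registered account. The `sync` function, the `Account` model, the ids and the example.com addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Account:
    email: str
    external_id: Optional[str] = None  # immutable directory id; None = self-registered

def sync(accounts, user, match_on):
    """Push one directory record into `accounts` (hypothetical target); return the outcome."""
    if match_on == "objectId":
        hit = next((a for a in accounts if a.external_id == user["objectId"]), None)
    else:  # "email": a mutable attribute, so a rename looks like a brand-new user
        hit = next((a for a in accounts if a.email == user["email"]), None)
    holder = next((a for a in accounts if a.email == user["email"]), None)
    if holder is not None and holder is not hit:
        return "conflict"  # address already held by a different account
    if hit is None:
        accounts.append(Account(user["email"], user["objectId"]))
        return "created"
    hit.email, hit.external_id = user["email"], user["objectId"]
    return "updated"

# Constructed sample data: the same person before and after the name change.
OLD = {"objectId": "oid-0001", "email": "a.old@example.com"}
NEW = {"objectId": "oid-0001", "email": "a.new@example.com"}

def rename(match_on, self_registered=False):
    """Provision with the old address, optionally self-register the new one, then sync."""
    accounts = []
    sync(accounts, OLD, match_on)
    if self_registered:
        accounts.append(Account(NEW["email"]))  # user signed up before the sync ran
    return sync(accounts, NEW, match_on), accounts

if __name__ == "__main__":
    print(rename("email"))           # second record for the same person
    print(rename("objectId"))        # existing record updated in place
    outcome, accounts = rename("objectId", self_registered=True)
    print(outcome)                   # update blocked by the self-registered account
    accounts[1].email = "a.defunct@example.com"  # free the address, as in the workaround
    print(sync(accounts, NEW, "objectId"), accounts[0])
```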
