Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

What happens to existing users when migrating over to Atlassian Access for SSO?

Joel Hasan
Joel Hasan May 6, 2019

We are currently running JIRA servicedesk and JIRA on the cloud, and about to enable Atlassian Access for SSO. What happens to the existing user accounts (permissions, groups etc.) when we turn on SSO? Will their passwords be wiped and require them to instantaneously login via SSO, or will there be the option to use manual passwords until we are comfortable that SSO is performing correctly on migrate people in batches?

Answer
Watch
Like Be the first to like this
1944 views

1 answer

1 accepted

2 votes
Answer accepted
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 7, 2019

Hi @Joel Hasan,

Unfortunately it's not possible to progressively enable SSO. Once you enable your SSO configuration, all user login attempts will be delegated to your SSO provider. However, users' local Atlassian account passwords are not deleted. If you were to disable your SSO provider, users could once again log in using their previous Atlassian account password.

We highly recommend that you ensure that at least once organization administrator has an account that is not on a verified domain, so that if something goes wrong in your SSO configuration, you can log in to disable it.

We are planning to introduce better support for testing SSO configurations in the future, but I recognize that won't help you in the short term rolling this out. 

Regards,

Dave

View More Comments
Joel Hasan
Joel Hasan May 7, 2019

Hi Dave,

Thank you very much for the response, this is very helpful!

Joel

Like
Patrik Fontana
Patrik Fontana May 8, 2019

Hi @Dave Meyer ,

We are pretty much interested as well to understand what is the process from the user standpoint when SSO is enabled. Will the user get notified? Will the user go to few steps and if yes what would those be?

Thanks.

Like
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 12, 2019

@Patrik Fontana Users are notified when you verify a domain, but not when you enable SSO.

However, in order to enable SSO, you must first verify the domain, and once you have verified the domain, you have access to all user email addresses on that domain (and that will be covered by your SSO configuration). This gives you the ability to send your own notifications to all users.

There are no steps for end users. Once SSO is enabled, the Atlassian account login screen will simply redirect them to your SSO login screen the next time they log in.

Like
Francis Vidal
Francis Vidal September 4, 2019

Is the ability to login via SSO assigned per-user?

Like
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 9, 2019

Hi @Francis Vidal

Not at this time. Once SSO is enabled, all managed accounts under your organization will login via your configured SSO provider.

Regards,

Dave

Like
George Kuznetsov
George Kuznetsov April 24, 2020

Hi @Dave Meyer We also use Jira Cloud and enabled SSO. The Phone app for Jira still lets me log into the account with no requests for authentication. But it works for all new users. How I can fix it?

 

BR,

George

Like
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 24, 2020

Hi @George Kuznetsov ,

We don't currently log out existing users from their mobile devices when SSO is enabled. If you have SSO enabled, then if you log out on your mobile device and log back in, it should take you through the SSO login flow.

Cheers,

Dave 

Like George Kuznetsov likes this
George Kuznetsov
George Kuznetsov April 24, 2020

@Dave Meyer Thanks for prompt response! I have at least one user who logged out a number of different times and it let him back in. He deleted and reinstalled and it still allows him to log in. Any suggestions?

Like
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 27, 2020

Hey @George Kuznetsov ,

If you are confident that the user logs in through SSO on the web, but when they use the same email address to log in through the mobile app, they are able to log in without using SSO, then I would recommend contacting our support team. This is not expected behavior.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

    See all events