Single Sign On for External User

ABC.Ram.Ponnuram April 18, 2024

Confluence cloud now uses Azure for account access. We have azure accounts that are converted to external users. Example, I have a user account in Azure with Datacom(another company) email address and linked to their Azure for authentication.

Access is granted to that user, but when he tries to login with the link we sent, it tries to authenticate the user to their Confluence subscription and fails as the user don't have access to their company's confluence page.

Atlassian login page keeps authenticating the user to their own Company's Confluence subscription and not to the subscription that we have.

 

Any advice ?

2 answers

0 votes
Humashankar VJ
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 21, 2024

Hi @ABC.Ram.Ponnuram 

Thanks for adding more context.

I could sense the challenges while managing multiple accounts for external users in Azure

Why don't you try other possibilities like - Separate Internal and Guest Accounts / Convert Internal Accounts to Guest with MFA.

Regards

 

0 votes
Humashankar VJ
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 19, 2024

Hi @ABC.Ram.Ponnuram 

 

You're absolutely right,

Confluence Cloud with Azure Active Directory (AAD) currently doesn't support enforcing Single Sign-On (SSO) for external users with email addresses from different domains.

There are good set of discussion already on this topic - kindly refer them:

Single Sign on for internal and external users (atlassian.com)

Solved: Atlassian Access: External Users that are not part...

 

Hope this helps - Happy to help further!!
Thank you very much and have a great one!
Warm regards

ABC.Ram.Ponnuram April 21, 2024

The trouble would be managing accounts, If we are to have 2 accounts for each external user in Azure (an internal and a guest).

We have automated account management for internal accounts, but not for external accounts which will be a manual task when the external person is no longer working with us.

Microsoft has an option of converting internal accounts into external with MFA capability even though we can't control their password criteria, we can still enforce MFA on their account that is converted into external.

We have a team of 8 users from external domain, strangely it works fine for 1 of them with SSO but not for the other. I am waiting response from all the others as well.

 

Like Humashankar VJ likes this
ABC.Ram.Ponnuram April 22, 2024

Got more info from the external users, once they got their license setup for their own confluence subscription, they are able to access our subscription without any issue.

Sounds like an external user also needs a license from their side.

Getting my colleague to test access for external users who don't have any confluence subscriptions (like personal accounts gmail... etc)

Looks like the external user account need 2 licenses, 1 granted by us and the other on their own subscription (if they have one). As per your previous suggestion to have 2 separate accounts (1 internal with our license and 1 guest account) for the external users, but managing the guest account as before is an overhead for management of accounts.

Needing 2 licenses is not a happy ending answer :p

 

Like Humashankar VJ likes this
Humashankar VJ
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 23, 2024

Hi @ABC.Ram.Ponnuram 

I see what you mean about guest accounts being a pain to manage.

Regards

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events