Confluence cloud now uses Azure for account access. We have azure accounts that are converted to external users. Example, I have a user account in Azure with Datacom(another company) email address and linked to their Azure for authentication.
Access is granted to that user, but when he tries to login with the link we sent, it tries to authenticate the user to their Confluence subscription and fails as the user don't have access to their company's confluence page.
Atlassian login page keeps authenticating the user to their own Company's Confluence subscription and not to the subscription that we have.
Any advice ?
Thanks for adding more context.
I could sense the challenges while managing multiple accounts for external users in Azure
Why don't you try other possibilities like - Separate Internal and Guest Accounts / Convert Internal Accounts to Guest with MFA.
Regards
You're absolutely right,
Confluence Cloud with Azure Active Directory (AAD) currently doesn't support enforcing Single Sign-On (SSO) for external users with email addresses from different domains.
There are good set of discussion already on this topic - kindly refer them:
Single Sign on for internal and external users (atlassian.com)
Solved: Atlassian Access: External Users that are not part...
Hope this helps - Happy to help further!!
Thank you very much and have a great one!
Warm regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The trouble would be managing accounts, If we are to have 2 accounts for each external user in Azure (an internal and a guest).
We have automated account management for internal accounts, but not for external accounts which will be a manual task when the external person is no longer working with us.
Microsoft has an option of converting internal accounts into external with MFA capability even though we can't control their password criteria, we can still enforce MFA on their account that is converted into external.
We have a team of 8 users from external domain, strangely it works fine for 1 of them with SSO but not for the other. I am waiting response from all the others as well.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Got more info from the external users, once they got their license setup for their own confluence subscription, they are able to access our subscription without any issue.
Sounds like an external user also needs a license from their side.
Getting my colleague to test access for external users who don't have any confluence subscriptions (like personal accounts gmail... etc)
Looks like the external user account need 2 licenses, 1 granted by us and the other on their own subscription (if they have one). As per your previous suggestion to have 2 separate accounts (1 internal with our license and 1 guest account) for the external users, but managing the guest account as before is an overhead for management of accounts.
Needing 2 licenses is not a happy ending answer :p
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.