
Email address update in AD not reflected in Crowd

Jon Sword May 9, 2013

One of our users noticed that their email address was incorrect in JIRA. This was traced back to a typo in their Active Directory record. Active Directory has now been corrected by IT, but the change does not appear in Crowd. How do I update their profile in Crowd/JIRA/Confluence?

We are using AD as a Delegated Authentication Directory.

4 answers

1 accepted

0 votes
Answer accepted
Jon Sword May 9, 2013

Thanks to both of you for the reply...
I was not keen on the DB update as it would require an outage to simply update an email address, the second suggestion to edit it in JIRA and Crowd does not work because we have a read only connection to LDAP...
I was surprised to discover that letting it sit for half a day did the trick - somehow it updated in both automatically!!

Thx!

1 vote
Zul NS _Atlassian_
Atlassian Team
May 9, 2013

You can edit the email address in JIRA by going to Users > Users and clicking the Edit link on the user's username. Delegated Authentication saves all the user details except the password in the cwd_user table of the JIRA database.

If you have Delegated Authentication configured in Crowd, edit the user details in Users > Search Users.

1 vote
Bhushan Nagaraj
Rising Star
May 9, 2013

Hey Jon,

You can update the database directly. Let me know if you need the query.

0 votes
Byron Boudreaux February 1, 2018

Interesting update we discovered on this topic...in Azure AD, accounts that are of type Guest do not have the "mail" attribute on them.  The email address is populated into the "otherMails" attribute.  When we sync Crowd with Azure AD after adding a Guest account, the account is brought into Crowd and the Email Address field is populated.  So, it appears the behavior of the Crowd sync capability is if it sees the "mail" attribute on an Azure AD account it takes whatever is in it...even if it is nothing...but if the "mail" attribute is not present, it looks at the "otherMails" attribute and takes what is in that.  Seems like the logic in the sync code needs to be updated to look for the "mail" attribute but if it is not present OR it is NULL, look for the "otherMails" attribute.

Bruno Vincent
Rising Star
February 1, 2018

Hi @Byron Boudreaux

Crowd is not to blame here, it is an inconsistency in Microsoft Graph API.

Crowd actually uses Microsoft Graph API to request Azure AD, which is just fine as it is what Microsoft recommends. The otherMails attribute you are referring to is not exposed in Microsoft Graph API (it is exposed in Azure AD Graph API which is a different API). Microsoft Graph API only exposes the mail attribute (for both regular users and guest users).

The thing is Microsoft Graph API returns a null value when the user is a regular user with no O365 mailbox but it does return the user's email address when the user is a guest user.

Byron Boudreaux February 1, 2018

Just used PowerShell to query Microsoft Graph...I stand corrected.

Byron Boudreaux February 1, 2018

We tried using the Guest accounts since it would populate the email field as we needed it and it would allow us to not have to create accounts explicitly in our directory but we were not able to authenticate to any of the Atlassian apps behind Crowd even though the account showed up in each one and had permissions.

Bruno Vincent
Rising Star
February 1, 2018

@Byron Boudreaux

I've just done a small test and I could not authenticate with a guest user belonging to a Crowd Azure AD connector. I'm wondering whether Azure AD guest users are actually supported by Crowd's native Azure AD connector as of today.

You might want to take a look at the Office 365 Directory Connector for Crowd: https://marketplace.atlassian.com/plugins/com.cleito.odcc/server/overview

ODCC does support external guest users ("external" meaning "not belonging to any O365/Azure AD tenant", for instance a user with a gmail address).

Disclaimer: I work for the vendor of the ODCC plugin.

Byron Boudreaux February 1, 2018

@Bruno Vincent

Thanks for the tip, Bruno. Do you know if there is like an eval version that we can test before we buy?

Bruno Vincent
Rising Star
February 1, 2018

@Byron Boudreaux

You can actually test and use the plugin for as long as you want. Without a license, Cleito ODCC is limited to 5 users, which means that only the first five users who try to connect will be able to authenticate on Atlassian applications with their Office 365 credentials.

Bruno Vincent
Rising Star
April 2, 2018

@Byron Boudreaux

FYI we have just released a new version of the ODCC plugin with new options that you might be interested in, especially the following ones:

  • Option to fill in the Crowd email address field with the value of the Office 365 / Azure AD mailNickname attribute when the mail attribute has no value in Azure AD (unlike the mail attribute, the mailNickname attribute is always provisioned in Azure AD)
  • Option to allow Office 365 / Azure AD guest users to log into applications with their email address (e.g. john.doe@gmail.com) instead of their default username (e.g. john.doe_gmail.com#EXT#@yourcompany.com or john.doe_gmail.com#EXT#@yourcompany.onmicrosoft.com)
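
The fallback order proposed earlier in the thread (use mail, and if it is absent or null look at otherMails), together with decoding of the guest username format quoted above, as an added Python example that is not part of the thread and is not Crowd or ODCC code. The user records are constructed samples, the function names are hypothetical, and the decoding assumes the last underscore before #EXT# stands for the @ of the external address.

```python
import re

# Guest username shape quoted in the thread:
#   john.doe_gmail.com#EXT#@yourcompany.onmicrosoft.com
GUEST_UPN = re.compile(r"^(?P<enc>.+)#EXT#@(?P<tenant>[^@]+)$", re.IGNORECASE)

def guest_email_from_upn(upn):
    """Recover the external address from a guest UPN, or None if it is not one."""
    m = GUEST_UPN.match(upn or "")
    if not m:
        return None
    # Assumption: host names cannot contain "_", so the last "_" is the encoded "@".
    local, sep, domain = m.group("enc").rpartition("_")
    if not sep or not local or "." not in domain:
        return None
    return f"{local}@{domain}".lower()

def resolve_email(user):
    """Return (email, source); a missing, null or blank 'mail' is treated the same."""
    mail = (user.get("mail") or "").strip()
    if mail:
        return mail.lower(), "mail"
    for other in user.get("otherMails") or []:
        if other and other.strip():
            return other.strip().lower(), "otherMails"
    derived = guest_email_from_upn(user.get("userPrincipalName"))
    if derived:
        return derived, "guest-upn"
    # Nothing usable: report it rather than syncing an empty address.
    return None, "unresolved"

# Constructed sample records, not real directory data.
SAMPLE_USERS = [
    {"userPrincipalName": "alice@yourcompany.com", "mail": "alice@yourcompany.com"},
    {"userPrincipalName": "bob@yourcompany.com", "mail": None},  # no mailbox
    {"userPrincipalName": "john.doe_gmail.com#EXT#@yourcompany.onmicrosoft.com",
     "otherMails": ["john.doe@gmail.com"]},                      # 'mail' absent
    {"userPrincipalName": "j_smith_example.org#EXT#@yourcompany.onmicrosoft.com",
     "mail": ""},                                                # blank 'mail'
]

if __name__ == "__main__":
    for u in SAMPLE_USERS:
        print(u["userPrincipalName"], "->", resolve_email(u))
```

Accounts reported as "unresolved" are the ones that would otherwise reach the application with an empty email field.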
