Thanks for the suggestion, however our Jira Service Management product was already set for Customer product role in the user access settings for our domain, when this change went into affect, and we still have users being created without the role being set to Customer by default.
Like others here, this change broke the automatic provisioning of portal access to our new employees. All employees are provisioned via AzureAD to a group that is granted the "Service Desk Customers" role on Service Desk projects. Now new users who are added to this group do not have access to the projects.
We are having to manually enable the new access option "Jira Service Management - Customer". The email we received from Atlassian about this change stated:
"What do I need to do?
There’s nothing for you to do right now. To prevent any interruptions to you or your customers, we assigned the newcustomerrole to all existing users who had thenonerole for Jira Service Management."
No further direction was sent to us about what to do in the future. Clearly we need to do something else to have access automatically granted to a user group. I opened a support case for help since Atlassian made the breaking change.
Existing JSM sites will gradually migrate in the subsequent months. There will be no disruption to how your customers use your Help Center
Well this was a lie, as part of the roll out of this feature you took the existing customers and stuck them in a brand new static "customer group" created by your back end.
We use Azure SCIM and Atlassian Access to provision users into our tenancy and used the SCIMed groups for product/customer access.
Guess what happens when you just suddenly change customer access to a Static group? No new users receive any customer access... Easily fixed, but how anyone thought that this was an appropriate way to implement the change using a method like this is beyond me.
I apologise that the community post indicated there would be no changes required for admins. based on your feedback, we've identified that admins will need to update product access settings for SCIM synced "groups"
See below
What will I need to change for new users?
If you rely on Atlassian Access to SCIM sync users into "groups", you will need to ensure each "group" is configured to provision the new "Customer" role. This will ensure all new users have access to your JSM Help Center.
You can find instructions for configuring product access via "groups"here
@Ash Young - you also need to do a better job of providing a heads up to Admins of cloud tenancies when things will be affecting Atlassian Access in any capacity.
Community blog post announcements are not it... as there's typically a lot of these and we're not always reading all of them so things get lost in the noise. We also don't log into the admin console often... because we have automated SCIM workflows setup - so a banner in here alone is also likely not sufficient either.
I presume the assumption was because it was a "no actions required" change that this would be sufficient. If I've learned anything in many years supporting various IT systems the golden rule is - never assume anything.
Atlassian does not have a great track record of thorough QA testing before releases and sadly this isn't helping to show much improvement. SCIM provisioning scenarios is surely is something you must include in testing for any changes touching Atlassian Access.
Many thx for ne great news and the good work. I thnk its would be very nice to use this not only on Help-Centers instead on every Portal. Different Groups can Access Different Portals oder the Services on the Portals.
What about the Customers we added through JSM projects in Customers Tab?
Will we need to convert those Customers to the non-billable user in Admin center? At the moment, those Customers are only given access to the help center portal and they are not visible in the Admin center.
Can this new role be rolled out to Jira Product discovery as well ? Would be great if we can allow "Customer" to see roadmaps/plan views and comment on ideas.
We are in the process of moving from Server to DataCenter. We have MANY "customer" users. We have staff that are setup as Customer roles to strictly open tickets.
Today we use Crowd to pass user information to JIRA and will use Okta as we migrate - when attempting to apply the new licenses - we couldn't because it seems that the customer roles are taking up licenses. - More than we purchased. Given that these roles should be unlicensed - does anyone have any ideas on how to resolve? Anyone else experienced this? We can't - don't want to make the portal "public" for security reasons...
Ultimately, what is the difference between Portal-only Customer accounts (i.e. external customers) and JSM non-billable Customer accounts (i.e. internal customers)? They seem to both get the exact same access.
Update: We did figure it out...Our dev had setup many of the customer roles to be included in the app directory in a way that took up a seat. We unchecked that box - with support's help and reduced to our expected licensed user count. - huge relief. But now that we are moving to OKTA we are needing to work through NOT having the ability to nest groups...so that sucks...but that's a different story...
@Ash Young In the original Portal-only Customer setup, we were able to use "Organizations" to divide access to different internal customers (Accounting, Customer Service, Sales, etc.). This allowed these organizations to see and monitor tickets that were created by anybody in that organization (and more importantly, not see tickets created by other organizations). With the new Internal Customer setup (JSM - Customer) setup, I do not see a way to easily create this same internal division. This results in me either seeing MY Tickets or ALL Tickets. Am I missing something here?
115 comments