Why New user gets automatically added to Internal Directory after an AD sync

Calderara Serge May 11, 2022

Dear all,

We noticed a weird new issue after upgrading to Jira Data Center 8.20.

We have an Azure AD directory which is synced every 15 minutes in Jira and set as READ ONLY.
When we add a new user and add it to groups in Azure AD, it gets correctly synced in Jira and associated to that user directory entry.

We then have an Internal Directory which is set in second position in the User directory settings, in which we have only 2 local admins set for admin tasks.

 

PROBLEM :
Since we upgraded to Jira 8.20, we noticed that when a user gets created in Azure AD and synced in Jira, that same user is also added automatically as part of the Internal Directory with the same email.

This was not occurring before and there is no way that a user who does not have admin rights is able to create an internal account.

Any idea what is going on?

It is clear something has changed in this sync process, as before with the same configuration we did not face that behavior.

regards

1 answer

0 votes
Ed Letifov _TechTime - New Zealand_
Rising Star
May 11, 2022

Hello, @Calderara Serge 

Are you absolutely sure there isn't some app, e.g. an SSO app, involved?

How exactly did you identify that a user record is created in the internal directory?

Calderara Serge May 12, 2022

@Ed Letifov _TechTime - New Zealand_ , we have been using the Mini Orange SSO plugin for years in the same way, as well as the Azure AD sync.

We did not have such behaviour before upgrading to Jira 8.20, at the time they introduced the Duplicate Account checking feature.

The way we have identified duplicated accounts is:

1 - Jira Health status was reporting it

2 - We noticed it in the Audit log

3 - We cross-checked it in the database directly

 

Ashwini_More _miniOrange May 12, 2022

Hi @Calderara Serge

This is Ashwini from miniOrange.

Creating a user after the SSO is one of the features of our SSO App. It might be possible that this functionality is enabled in your environment. However, to verify behavior and debug the root cause please raise a request on the portal here with a detailed description of the issue.

You can also get in touch with us over email at info@xecurify.com.

 

Thanks,
Ashwini

Ed Letifov _TechTime - New Zealand_
Rising Star
May 12, 2022

Hello, @Calderara Serge 

1) You may want to delete the screenshot or redact it – after all this is a public forum, you don't want to broadcast usernames, groups, IPs and ports to everyone.

2) To me the bottom set of records in your screenshot looks like the SSO app creating a user (since the source is browser, the IP addresses are listed, and suspiciously everything is set to the user's email), while the next two up look like something from the backend e.g. AD Sync.

3) It's possible that the sequence of directories in Jira has changed or is suddenly important to either of the two apps. Reach out to their respective vendors.
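
An added example, not written by any participant in this thread and not Atlassian or miniOrange code, of the kind of database cross-check discussed above: it lists accounts whose email exists in more than one user directory, oldest record first, so the creation times can be compared with the sync schedule and the audit log. It assumes Jira's `cwd_user` and `cwd_directory` tables with the columns shown and runs against an in-memory SQLite stand-in with constructed rows; verify the column names against your own schema and run the query read-only.

```python
import sqlite3

# Accounts whose lower-cased email appears in more than one user directory.
# Table and column names are assumed from Jira's embedded Crowd schema.
DUPLICATE_QUERY = """
SELECT u.lower_email_address, d.directory_name, d.directory_position,
       u.user_name, u.created_date
FROM cwd_user u
JOIN cwd_directory d ON d.id = u.directory_id
WHERE u.lower_email_address IN (
    SELECT lower_email_address FROM cwd_user
    GROUP BY lower_email_address
    HAVING COUNT(DISTINCT directory_id) > 1)
ORDER BY u.lower_email_address, u.created_date
"""

def build_sample_db():
    """In-memory stand-in holding constructed rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE cwd_directory (id INTEGER PRIMARY KEY,
            directory_name TEXT, directory_position INTEGER);
        CREATE TABLE cwd_user (id INTEGER PRIMARY KEY, directory_id INTEGER,
            user_name TEXT, lower_email_address TEXT, created_date TEXT);
        INSERT INTO cwd_directory VALUES
            (10, 'Azure AD', 0), (1, 'Jira Internal Directory', 1);
        INSERT INTO cwd_user VALUES
            (100, 10, 'alice', 'alice@example.com', '2022-05-10 09:00:00'),
            (101, 1, 'alice@example.com', 'alice@example.com', '2022-05-10 09:42:10'),
            (102, 10, 'bob', 'bob@example.com', '2022-05-10 09:00:00'),
            (103, 1, 'localadmin', 'admin@example.com', '2020-01-01 00:00:00');
    """)
    return db

def find_duplicates(db):
    """Return {email: [(directory, position, user_name, created), ...]}."""
    dupes = {}
    for email, dirname, pos, user, created in db.execute(DUPLICATE_QUERY):
        dupes.setdefault(email, []).append((dirname, pos, user, created))
    return dupes

if __name__ == "__main__":
    for email, rows in find_duplicates(build_sample_db()).items():
        print(email)
        for dirname, pos, user, created in rows:
            print(f"  {created}  position={pos}  {dirname}  user_name={user}")
```

An internal-directory row created minutes after the synced one, with `user_name` equal to the email address, matches the pattern described in point 2 above; a row created at the sync interval does not.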
