Why New user gets automatically added to Internal Directory after an AD sync

Dear all,

We notice a weird new issue after upgrading to Jira Data Center 8.20.

We have an Azure AD directory which is synced every 15 minutes in Jira and set as READ ONLY.
When we add a new user and add it to groups in Azure AD, it gets correctly synced in Jira and associated to that User directory entry.

We then have an Internal Directory which is set in second position in the User directory settings, in which we have only 2 local admins set for admin tasks.

 

PROBLEM :
Since we upgraded to Jira 8.20, we noticed that when a user gets created in Azure AD and synced in Jira, that same user is also added automatically as part of the Internal Directory with the same email.

This was not occurring before, and there is no way that a user who does not have admin rights is able to create an internal account.

Any idea what is going on?

It is clear something has changed in this sync process, as before with the same configuration we did not face that behavior.

regards

1 answer

Hello, @Calderara Serge 

Are you absolutely sure there is no app, e.g. an SSO app, involved?

How exactly did you identify that a user record is created in the internal directory?

@Ed Letifov _TechTime - New Zealand_, we have been using the Mini Orange SSO plugin for years in the same way, as well as the Azure AD sync.

We did not have such behaviour before upgrading to Jira 8.20, at the time they introduced the Duplicate Account checking feature.

The way we have identified the duplicated account is:

1 - Jira Health status was reporting it

2 - We notice it in the Audit log

3 - We cross check it in database directly

 

Hi @Calderara Serge

This is Ashwini from miniOrange.

Creating a user after the SSO is one of the features of our SSO App. It might be possible that this functionality is enabled in your environment. However, to verify behavior and debug the root cause please raise a request on the portal here with a detailed description of the issue.

You can also get in touch with us over email at info@xecurify.com.

 

Thanks,
Ashwini

Hello, @Calderara Serge 

1) You may want to delete the screenshot or redact it – after all this is a public forum, you don't want to broadcast usernames, groups, IPs and ports to everyone.

2) To me the bottom set of records in your screenshot looks like SSO app creating a user (since the source is browser, the IP addresses are listed, and suspiciously everything is set to the user's email), while the next two up look like something from the backend e.g. AD Sync.

3) It's possible that the sequence of directories in Jira has changed or is suddenly important to either of the two apps. Reach out to their respective vendors.
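
The database cross-check mentioned in the thread can be done along these lines. This is an added example, not code from any poster or from Atlassian: it runs against a reduced, constructed SQLite model of Jira's `cwd_user` and `cwd_directory` tables (the column names are assumed to match your instance's schema, and the sample rows are constructed). It matches on email rather than username so that a copy whose username was set to the email address is still found.

```python
import sqlite3

# Reduced model of Jira's cwd_directory / cwd_user tables (only the columns used here).
SCHEMA = """
CREATE TABLE cwd_directory (id INTEGER PRIMARY KEY, directory_name TEXT,
                            directory_position INTEGER);
CREATE TABLE cwd_user (id INTEGER PRIMARY KEY, directory_id INTEGER,
                       user_name TEXT, lower_user_name TEXT,
                       lower_email_address TEXT, active INTEGER);
"""

# Every user row whose email exists in more than one directory,
# ordered by directory position so the effective (first) record comes first.
DUPLICATES_SQL = """
SELECT u.lower_email_address, d.directory_position, d.directory_name, u.user_name
FROM cwd_user u
JOIN cwd_directory d ON d.id = u.directory_id
WHERE u.lower_email_address <> ''
  AND u.lower_email_address IN (
      SELECT lower_email_address FROM cwd_user
      GROUP BY lower_email_address
      HAVING COUNT(DISTINCT directory_id) > 1)
ORDER BY u.lower_email_address, d.directory_position
"""

def find_cross_directory_duplicates(conn):
    """Return {email: [(directory_position, directory_name, user_name), ...]}."""
    report = {}
    for email, pos, directory, user in conn.execute(DUPLICATES_SQL):
        report.setdefault(email, []).append((pos, directory, user))
    return report

def build_sample_db():
    """Constructed sample data, not taken from the thread."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO cwd_directory VALUES (?,?,?)", [
        (10000, "Azure AD", 0),                 # synced, read-only, first position
        (1, "Jira Internal Directory", 1)])     # local admins, second position
    conn.executemany("INSERT INTO cwd_user VALUES (?,?,?,?,?,?)", [
        (1, 1, "localadmin", "localadmin", "admin@example.test", 1),
        (2, 10000, "jdoe", "jdoe", "jdoe@example.test", 1),
        (3, 1, "jdoe@example.test", "jdoe@example.test", "jdoe@example.test", 1),
        (4, 10000, "asmith", "asmith", "asmith@example.test", 1)])
    return conn

if __name__ == "__main__":
    for email, rows in find_cross_directory_duplicates(build_sample_db()).items():
        print(email, rows)
```

Against a real instance, run only the `SELECT` on a read-only connection or a database copy, and compare the timestamps of the internal-directory rows with the audit log entries to see which component created them.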
