We notice a wierd new issue after upgrading to Jira Data Center 8.20.
We have an Azure AD directory which is sync every 15minutes in Jira and Set as READ ONLY
When we add new user and add it to goups in Azure AD it gets correctly sync in Jira and associated to that User directory entry
We have then an INternal Directory which is set in second position in User directory setting, in which we have only 2 local admin set for admin task
Since we upgrade to Jira 8.20, we noticed that when a user gets created in Azure AD and sync in Jira , then that same user is also added automatically as part of the Internal Directory with same email.
This was not occuring before and there is not way that a user who do not have admin right is able to create an internal account.
Any idea what is going on ?
It is clear something has change in this sync process as before with same configuration we did not face that behavior
@Ed Letifov _TechTime - New Zealand_ , we are using Mini Orange SSO plugin for years in the same way as well as the Azure AD sync.
We did not have such behaviour before upgrading to Jira 8.20, at the time they introduc the Duplicate Account checking fetaure.
The way we have identified duplicated acount is :
1 - Jira Health status was reporting it
2 - We notice it in the Audit log
3 - We cross check it in database directly
This is Ashwini from miniOrange.
Creating a user after the SSO is one of the features of our SSO App. It might be possible that this functionality is enabled in your environment. However, to verify behavior and debug the root cause please raise a request on the portal here with a detailed description of the issue.
You can also get in touch with us over email at email@example.com.
Hello, @Calderara Serge
1) You may want to delete the screenshot or redact it – after all this is a public forum, you don't want to broadcast usernames, groups, IPs and ports to everyone.
2) To me the bottom set of records in your screenshot looks like SSO app creating a user (since the source is browser, the IP addresses are listed, and suspiciously everything is set to the user's email), while the next two up look like something from the backend e.g. AD Sync.
3) It's possible that the sequence of directories in Jira has changed or is suddenly important to either of the two apps. Reach our to their respective vendors.
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event