This page originally appeared on confluence.atlassian.com and was first published in February 2020.
We are integrating Trello managed accounts with your Atlassian organization. If you’re an organization admin, read on for more details of how this integration impacts your organization and how to manage your Trello users throughout this process.
In early 2020 we began the process of integrating Trello with Atlassian accounts. This integration enables organization admins to view and manage their organization’s Trello users from admin.atlassian.com, in a similar manner as their Jira and Confluence users.
As an organization admin, you will be able to edit, deactivate, and delete these managed accounts and profile changes will be reflected within Trello. Your organization’s authentication policies (SAML single sign-on, enforced two-step verification, password policy, etc.) will automatically apply to their accounts.
If your organization has SAML configured, these Trello users must have a user identity in your identity provider to be able to log in with SAML.
Only Trello accounts using a company email with a verified domain are impacted, and their accounts will soon be immediately visible and manageable from your organization.
In the past, we’ve allowed these Trello users to voluntarily connect their Trello accounts to their Atlassian account from a banner on Trello in their web browser. Moving forward, users' Trello accounts will be automatically connected to their managed Atlassian account. We will create an Atlassian account for any users that do not already have one, and those users will receive an email informing them that an Atlassian account has been created for them. Users who are logged in to Trello will stay logged in and be prompted to finish connecting their Trello account to their Atlassian account. If users don’t finish this onboarding process while logged in, they will need to finish the process the next time they try to log back in. You can learn about the end-user onboarding experience in the Trello end-user experience section of this doc.
This change will not affect:
Trello users with only personal emails on their account or only emails in domains that are not verified
Trello Enterprise users that are already claimed by a Trello Enterprise admin
To audit Trello users in your organization before Jun 22, 2020, use the following steps:
We have added a CSV file you can download to get details on Trello users that are new to your managed accounts. To download the CSV file:
Go to your organization at admin.atlassian.com.
Click Directory > Managed accounts.
From the message at the top, click Export accounts with Trello product access.
To audit Trello users in your organization after Jun 22, 2020 , use the following steps:
Go to your organization at admin.atlassian.com.
Click Directory > Managed accounts.
Click the Export accounts button.
If you want to retain control over your Trello users, you don’t need to do anything. You can view and manage these Trello users from your organization directory.
If you do not want to manage your Trello users from the context of your organization, you can do the following:
Ask your end users to remove your company’s email address. You can change your Trello users' email addresses from admin.atlassian.com to a users’s non-Company owned email address. This will effectively un-manage those users and they will not count towards your Access bill. You should work with your user to determine the best non-Company owned email address for their Trello account. You can learn more about working with your users to change their email addresses in the Working with your Trello users section of this doc.
Deactivate your Trello users before June 1. When you deactivate a user, they’ll immediately lose access to all of their Atlassian products, including Trello. To keep using Trello, they will have to create a new account on another email address. That account would not have access to the boards on the organization-owned Atlassian account that you deactivated. You can learn more about deactivating your users in the Deactivating Trello access for users with access to multiple products section of this doc.
We don't recommend you delete your users. Deleting your Trello users could result in their account and boards, including personal boards, being permanently deleted. Furthermore, deleting users isn’t an effective way to prevent Trello usage because users can sign back up for Trello with the same email.
If a user only uses Trello and doesn’t use any of your other Atlassian products, we will count them towards your Atlassian Access bill.
If you don’t want to pay for these additional users, you can change their email addresses to a non-company owned email address or deactivate their accounts. Either action will remove them from your Atlassian Access bill. Read more about how Trello impacts your Access bill. You can learn more about changing users' emails addresses or deactivating users in the Preventing your Trello users from using Trello with a company account section of this doc.
If your organization uses SAML single sign-on, your Trello users must have a user identity in your identity provider to be able to log in with SAML. Otherwise, they may run into an error when trying to authenticate via your identity provider.
Some users may have personal as well as work content in their Trello accounts. Deactivating those users' accounts would result in them losing access to all of their content in all Atlassian products, including their personal content.
If you don’t mind those users having access to Trello for personal content, you can change their email from admin.atlassian.com to non-company owned email address to un-manage them, rather than deactivating. This will ensure that they can continue to use Trello for personal use cases, while still removing them from your Access bill and organization.
Please note that changing a user’s email to a non-company owned email address to un-manage them will only work if:
they have completed the onboarding steps shown above in the Trello end-user experience section of this doc. If they have not yet completed those steps, work with your users to ensure they have completed the steps first, and then change their email address to a personal one.
users are not provisioned via SCIM. If you use SCIM to provision users, you will need to deactivate those users and create new Atlassian accounts for those users in your identity provider. Then, you can give the new Atlassian accounts access to the products you want those users to have.
Trello users that were using company-owned email addresses will be unable to login to Trello if you have deactivated their account. If these users contact support, we will provide them with your contact information so that you can work with them to reactivate their account and change it to a personal, non-company owned email address. Alternatively, you can proactively work with users to change their emails to a personal email address from admin.atlassian.com rather than deactivating them.
While working with your users to change their email addresses, or deactivating them, will ensure they they lose access to Trello, they may also lose access to the other Atlassian products in your organization. For example, if someone is a user of both Jira Service Desk and Trello, you will not be able to disable their Trello access while retaining their Jira Service Desk access.
One solution to this issue is to deactivate the account and create a new one with a different work email address, and give it access to the non-Trello products you’d like the user to have access to. However, the Trello user will both lose access to all of their Trello content, and still be able to sign back up for Trello with the new work email address at any point, so you may need to work with end-users to move their personal boards off of their managed account and to refrain from signing up for Trello on their managed work email address.
There are two ways to prevent users from signing up for Trello in the future.
If you use SAML SSO in your organization, you can remove the user’s work email address from your Identity Provider. If you do this, the user will be unable to login to Trello, which will prevent them from signing up with the same email address in the future. However, this will also mean that the user is unable to login to other Atlassian products in your organization.
Whether or not you use SSO, you can deactivate their Atlassian account from admin.atlassian.com. This will ensure that users are unable to access Trello in the future with the same email address, but will also mean they can’t access any other Atlassian products in your organization.
It is not possible to prevent users from signing up for Trello in the future with their work email address without also removing their access to other Atlassian products that they use the same account with. If you need the user to retain access to other products, they will be able to sign up for Trello again in the future. If a user signs up for Trello with their managed work email address, they will show up in your organization administration settings at admin.atlassian.com. At that point, you can work with the user to change their email address to un-manage them, or deactivate them.
So far, we have covered:
Working with your users to change their email addresses to a personal email address, so that they are un-managed and removed from your Access bill and organization administration panels.
Deactivating a user’s Atlassian account to remove their access from Trello (and all other Atlassian products) and prevent them from signing up for Trello in the future.
Removing users from your Identity Provider to ensure that they are unable to login to Trello (and all other Atlassian products) now and in the future.
These three options are preferable to deleting Trello users' accounts because they prevent users from losing access to their personal content and from signing up for Trello again in the future. Deleting accounts may, in rare cases, make sense if you require that all of the user’s Trello content be destroyed. Note that this may include all of the user’s personal Trello content as well as work content associated with that account, depending on how the user was using Trello.
If Trello users contact Atlassian about losing their content or about their account being deleted, we will provide them with the contact information of their organization admins to recover their content. After 14 days, admins will not be able to undo an account deletion, and we will not be able to recover any content that was destroyed through the deactivation.
The rest of this post has answers to commonly-asked questions about the Trello end-users' experience.
Starting in June 2020, domain-claimed Trello users will see a banner when they use Trello from a web browser. The exact experience that users see depends on whether:
They are already logged in to Trello
They have not yet logged in to Trello
If they are logged into Trello already, they can finish setting up their Atlassian account by following the instructions they’ll see in a banner.
1. We let your users know about their new Atlassian account.
2. After clicking Continue in the previous screen, they will see a button to authenticate their Atlassian account.
3. After clicking Continue in the previous screen, we’ll direct your users to an Atlassian account login or signup page.
4. Once they’ve logged in or signed up for their Atlassian account, we return them to Trello where they can see their new Atlassian account profile that displays in all Atlassian cloud products they use.
5. If they were unable to complete the flow in steps 1-4, they can complete it anytime by clicking the banner at the top of the screen.
They will need to finish setting up their Atlassian account the next time they try to log in to Trello.
1. When they try to log in to Trello they will see a message informing them that they can’t log in and that we’ve sent them an email with instructions.
2. That email will explain that their account is now managed, and will provide a link to finish setting up their managed account. Following that link will launch a short process to connect their accounts.
If you enforce SSO for your managed accounts, then users will be blocked from completing these steps, and will see an error from your company’s SSO provider (like Okta). They may have to contact you and ask to be added to your organization’s group in your SSO provider. Once you have added those users to your SSO provider, they will be able to complete the steps and log in with SSO.
3. We let your users know about their new Atlassian account.
4. After clicking Continue in the previous screen, they will see a button to authenticate their Atlassian account.
5. After clicking Continue in the previous screen, we’ll direct your users to an Atlassian account login or signup page.
6. Once they’ve logged in or signed up for their Atlassian account, we return them to Trello where they can see their new Atlassian account profile that displays in all Atlassian cloud products they use.
Caitlin Cecic
5 comments