Personal gmail account claimed by SSO, can't login anymore.

Seems like an unethical approach by Atlassian. Someone can start with a personal account then get it hijacked by a corp just by having another login?

What if there are TWO enterprise accounts associated with the same account, along with the personal?

"Since Acme has claimed the domain that you're using as one of your saved email credentials, and they have recently enforced SSO for all Trello users in their domain, this means your Trello account is now managed by the Trello Enterprise Acme by way of their SSO enforcement."

^^ No. Not "by way of their SSO enforcement." But by way of Atlassian's half-baked policy that allows an enterprise account to take over a user's personal intellectual property.

It is unacceptable to enforce a policy like this without specifically ALSO enforcing that the enterprise company MUST be specified as the owner of the SPECIFIC BOARDS subject to the SSO-control policy. If it were specific boards, this would be perfectly acceptable. This "borg" like approach that lets an enterprise claim an entire user identity means users DO NOT truly have multiple logins, and that functionality should not even be allowed, if Atlassian cannot be bothered to provide a UI to specify which parent entity (enterprise versus individual user) owns which assets accessible within a single user's login space.

For those who are curious, this was the communication in email thread.

My Reply:
Thanks for getting back to me on this. This is a very bizarre situation. I do not understand a few things here.

Support Team: I've taken a look at your account, and ultimately, the problem is that the email address of your former employer was still attached to the Trello account.

Me: How can a former employer email address be attached to my account? My email was discontinued as I left my workplace a long time back and I have never used that email address. I am very sure I never used it to log in to my account.

Support Team: Because the email address was still on the account, your employer identified it as an account that they should own, and ownership of this Trello account was transferred to your former employer, so no changes can be made to the account, and the company owns that account.

Me: As it is very evident from my login email id, that this account is not owned by the company, wasn't it even considered appropriate to contact me on my email id before transferring the account. How can a company own a private account even if the domain mismatch? How is it not a violation of my privacy terms?

Support Team: Given the account ownership, that's not something that we can do on our end, unfortunately. We can release your personal email which would allow you to create a new account in Trello.

Me: This clearly means I will lose all my data (which is a lot) on my actual account. Looks like it is not a viable solution.

Support Team: In case of any further questions please reach out to the [Comany Name] support team using [Trello support email for comany].

Me: The email to this address bounce back, it is not even active. I am kind of baffled by this situation. Trello is one of my primary tools for organizing information and holds a lot of personal data. Can you please help me resolve this as soon as possible.

Support Team Reply

Thank you for your reply. I also noticed your post in our Community forum - I'll follow up on the thread there, as well, just in case there are other users who might be in the same situation as you are. The answer I'm providing is the same for any Trello user who has an email address on their account that is owned by a Trello Enterprise with enforced SSO.
Right now, you Trello account has 2 email addresses saved as credentials. One of them is your gmail email address and one of them is the email address owned by your former employer, ACME.
I understand your perspective, that having your personal email on file means something - however, the ACME email address is currently on your Trello account as a saved credential. Regardless if the email address still exists right now or not, the email with the ACME claimed domain is on your Trello account as a saved credential. This is the crux of the situation. The ACME Trello Enterprise has enforced SSO, meaning any Trello user with one of their emails as a saved credential must log in with ACME SSO, even if the user also has a personal email address as a saved credential. The reason for this is because The Enterprise has claimed the ACME domain, and therefore, ownership of the Trello accounts containing their credentials, which is something Trello's terms allow Enterprises to do. If you can't log in with their SSO because you no longer have valid credentials with their IdP, I'm afraid you cannot log into the Trello account.
If the company Enterprise Admin consented, then we could remove the Enterprise association from your Trello account, but that's something you'd need to explore with them, if they'd be willing to do that. It's not an uncommon request for Enterprises to hear from former employees in this situation. The support email [Company Trello Support Email] was provided to us by the ACME team, and I'm sorry to hear you got a bounce-back from it. We may recommend to reach out to their HR team, or perhaps try to get connected to a one of the Trello Enterprise admin through any contacts you may still have at the company.
From the Trello support side, we cannot remove the ACME email from your Trello account, nor can we release your account from the Enterprise SSO association. I know that is frustrating for you, and I'm sorry for the inconveniences you've faced in trying to reach ACME about this. If you end up getting in touch with an Enterprise Admin from ACME and they say it's okay for us to remove your account from Enterprise SSO on this thread, we can do that. Without the authorization of an Enterprise Admin, the only option from the Trello support side is to remove your gmail email address from the account so that you can create a new Trello account with it. This would mean that the content within the existing account containing the ACME email address cannot be accessed unless you were to log in with ACME SSO.
If you would like us to remove your gmail email address from the account, you're welcome to request that in a reply anytime.
We'll also be glad to comply with an Enterprise Admin from ACME if they would like to comment on this thread.
Thank you for your understanding, Shashank. Please let me know if you have any additional Trello questions.

Here is a relevant discussion on Hacker News

For Enterprise customers, what happens when two email addresses from different companies are added to a single account? If both companies claim the account, who does it belong to?

Needs resolving, this is concerning and will consider a different tool if there's not an appropriate update.

Where in the Trello interface can I even check what other email addresses are associated with my account?

I have this exact same issue and not able to get in touch with my ACME corp. This just sucks for people like me who used Trello with personal and professional email addresses.

Hey Shashank,

I wanted to follow-up on this Community thread after speaking with you about this topic via email. To protect your privacy, I'm obfuscating the real name of the company in question. Let's call them Acme in this post.

Right now, your Trello account has 2 email addresses saved as credentials. One of them is your gmail email address and one of them is the email address owned by your former employer, Acme.

Since Acme has claimed the domain that you're using as one of your saved email credentials, and they have recently enforced SSO for all Trello users in their domain, this means your Trello account is now managed by the Trello Enterprise Acme by way of their SSO enforcement. Now, any Trello user with one of their emails as a saved credential must log in with Acme SSO, even if the user also has a personal email address as a saved credential. 

If the Acme Enterprise Admin consented, then we could remove the Enterprise association from your Trello account, but that's something the Trello team can't make a decision on - it must come from the Enterprise Admin.

I know it's a frustrating situation, and I'm sorry that we don't have more options to present in terms of workarounds. (The only work around without Enterprise Admin involvement would be for Trello to remove your personal email from your existing account so that you can create a new Trello account.)

If you end up getting in touch with an Enterprise Admin from the company, forward them our 1:1 email thread. If they approve for us to remove your account from their Enterprise SSO connection, please have them comment on our ongoing email thread and we'll be glad to move forward after that.
​
​Thank you for your understanding, Shashank. Please let me know if you have additional questions with regard to Trello Enterprise SSO enforcement, or anything else.

Does Atlassian even care about this thread? This is the most viewed thread on Trello forum and second overall on Atlassian but looks like they just want to ignore it.

This is really bad form by Atlassian!

Guess I am not storing any personal info on Atlassian cloud anymore.

I got hit by the same thing, We "fixed" it by the whole company shutting down all atlassian stuff for an hour, changing the email on my personal account, and then setting up atlassian integration again. Support told me twice that it was impossible before we did that. Good luck getting your old employer to do the same :(

It's outrageous.

I totally agree with all the previous comments. I had to change my old email in my account and I stuck between a changing email and logging into the account with old email. I've never had a possibility to change it though, tickets in support have been unresolved for weeks. My colleague from kcards.ru has the same problem and his situation is more complicated since he's had his company email with thousands of clients. So, a new account seems like a unique solution.

Also happened to me. Personal main email on a Trello account I've probably had for 8 years now but I added a work address at one point and forgot to remove it and Trello told me there was nothing they could do from their end. 

So tried contacting people from my previous employers, from like 5 years ago, and the support request just got lost in the endless red tape of Big Blue. 

Similar situation, glad I was logged in on my phone and was able to create a new user and give me control back of all my boards.

However after reading this I do realise that I should probably delete my old account, which is a shame, if I am concerned about my privacy.

Conferred with a user on Twitter who I found with the same issue and he just made a new Trello account unfortunately.

Same thing happened to me and Atlassian support told me to go pound sand. I had a personal Trello account created years before I worked for the employer in question. Employer adopted Trello on a trial basis (thanks to me and and a colleague who pushed for it as being a good tool.) 

I added my work email as a secondary thinking it was just for notifications and whatnot. I assumed permissioning was handled by boards and teams so it was fine to use a singular account for everything.

A year or so after I left my employer, they signed up with Atlassian enterprise and boom, my entire Trello account was handed over to them. 

Atlassians model of tying legal ownership to any email on the account depending on convenience is terrible and looks like it hasn’t just screwed just me over. I’m also pretty sure it is illegal under Canadian privacy law since this sort of account takeover isn’t provided for in the Terms of Service. However, the only way to enforce that would be legal action which honestly isn’t worth the effort unless something bad happens to the data misappropriated.

I don’t recommend Atlassian products to my employers and clients anymore and usually caution the smaller ones away.

so inappropriate !

Please Atlassian - I'm looking for more reasons NOT to recommend your products to anyone any more.

I didn't think you'd be able to come up with a new way to do it so soon after the last issue, but you have done yourself proud again!

It's time for a new ticket management startup to replace the gap left by Atlassian's new corporate overlords.

#ohtrellno

The exact same thing happened to me; this is the response I got from the Trello support:

I've taken a look at your account, and ultimately, the problem is that the email address of your former employer was still attached to the Trello account. In their recent account claim, this triggered your employer to claim ownership of the Trello account, which is something Trello's terms allow Enterprises to do. Because the email address was still on the account, your employer identified it as an account that they should own, and ownership of this Trello account was transferred to your former employer, so no changes can be made to the account, and the company owns that account.

It sounds like you have personal content in this account that you want access to? Given the account ownership, that's not something that we can do on our end, unfortunately. If the company consented, they could remove your account from all company teams, and then we could remove the Enterprise association, but that's something you'd need to explore with them, if they'd be willing to do that.