| Info |
|---|
If any external user directory such as LDAP is configured in Atlassian application, the behaviour of SAML/OAuth/OpenID SSO will change according to the user directory permission. |
...
Read Only With Local Groups
...
User Creation:
New users won't be created during SSOUser creation part will be handled by the external directory (AD/LDAP), miniOrange addOn will read synced users and take care of their authentication. If any new user tries to perform SSO, this error message will be shown to the user: "We couldn't sign you in. Please contact Administrator"
User Profiles Mapping:
The profile and groups of users will not be updated
It is recommended to check the Disable Attribute Mapping option in the User Profile tab.
User Group Mapping:
Users can be added to or removed from local Atlassian application groups
If you're using On-The-Fly group mapping, the new groups will be created only if the Atlassian application's internal directory is a primary user directory
Default Groups:
For the directory users who are logging in for the first time, the local Atlassian groups configured as Default groups in the user directory will be assigned, it is recommended to Change Assign Default Group To settings to All
...
If you are looking for a different kind of behaviour for any User Directory Permission or need any help with setting up User Directory permissions, please reach out using the customer portal.
...