Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Current »

If any external user directory such as LDAP is configured in Atlassian application, the behaviour of SAML/OAuth/OpenID SSO will change according to the user directory permission.


Here are the behavioural changes listed for each directory permission type:

  1. Read Only directory

  2. Read Only with Local Groups

  3. Read/Write

Read Only

  1. User Creation:

    • User creation part will be handled by the external directory (AD/LDAP), miniOrange addOn will read synced users and take care of their authentication. If any new user tries to perform SSO, this error message will be shown to the user: "We couldn't sign you in. Please contact Administrator"

  2. User Profiles Mapping:

    • Profile Management and updating attributes will be handled in the external directory.

    • It is recommended to check the Disable Attribute Mapping option in the User Profile tab.

  3. User Group Mapping:

    • The groups of users will be handled in the external directory.

    • It is recommended to check Disable Group Mapping option in the User Group tab

  4. Default Groups:

    • It is recommended to change Assign Default Groups To settings to None

Read Only With Local Groups

  1. User Creation:

    • New users won't be created during SSO. If any user tries to perform SSO, this error message will be shown to the user: "We couldn't sign you in. Please contact Administrator"

  2. User Profiles Mapping:

    • The profile and groups of users will not be updated

    • It is recommended to check the Disable Attribute Mapping option in the User Profile tab.

  3. User Group Mapping:

    • Users can be added to or removed from local Atlassian application groups

    • If you're using On-The-Fly group mapping, the new groups will be created only if the Atlassian application's internal directory is a primary user directory

  4. Default Groups:

    • For the directory users who are logging in for the first time, the local Atlassian groups configured as Default groups in the user directory will be assigned, it is recommended to Change Assign Default Group To settings to All

Read/Write

  1. User Creation:

    • New users will be created in the primary user directory

  2. User Profiles Mapping:

    • The profile of users will be updated

  3. User Group Mapping:

    • The groups of users will be updated

    • If you're using On-The-Fly group mapping, the new groups will be created only in the primary user directory

  4. Default Groups:

    • Local and external directory groups can be assigned as default groups to all users. As all users are treated as existing users, it is recommended to Change Assign Default Group To settings to All

If you are looking for a different kind of behaviour for any User Directory Permission, please reach out using the customer portal.

  • No labels

@ Copyright 2019 miniOrange. All Rights Reserved.