Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Cannot change email for an end user

Lasse H
Lasse H
Contributor
June 15, 2023

We (a software company) allow clients to participate by commenting on Jira issues.

One of our clients has changed positions (new workplace), but still need to access his account and view issues. However, I cannot change his email address, even as an administrator. I can only "suggest changes". This means a mail is sent to his old address, which then (after much work) has been reopened and the mail is then forwarded to his new address.

But now the trouble starts; he had 2FA enabled and then removed the entry in the authentication app.

So when he receives the email with the suggested changes, he's asked to log in, which he can't, because of the 2FA.

How come I - as an administrator - simply cannot change his email address for him? 

All suggestions are welcome!

Answer
Watch
Like Be the first to like this
1261 views

2 answers

0 votes
Lasse H
Lasse H
Contributor
June 19, 2023

Thank you Trudy, but that's an absolutely terrible idea. I don't want to have multiple accounts for the same user. 

I really have trouble understanding why I - as an admin - cannot update a user's email address. It makes zero sense to me.

Reply
0 votes
Trudy Claspill
Trudy Claspill
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 16, 2023

Has your Atlassian Organization claimed the domain specified in the user's email? If not, then you cannot change the users email address in their Atlassian Cloud account because you do not "own" the account.

Either the user owns the account, or the domain used in their email has been "claimed" in Atlassian Cloud by another company. In any case, if the user's email domain is not a domain that you have claimed in your Atlassian Organization then you have no right to modify the account itself.

If the user was using an email address provided to them by an employer to access your system, and they no longer work for that employer, then (in my opinion) the user should not be able to access information that was linked to that account. 

If the former employer wants to allow the user to access the account, and the user is blocked by a MFA authenticator issue, then they probably need to work with that former employer to resolve that issue.

I recommend that you have the user create another Atlassian Cloud account under a different email, and grant them access to your products via their new account. If they need to be able to access the issues they previously had access to, you can search for those issues and add the user's new identity to those issues.

View More Comments
Trudy Claspill
Trudy Claspill
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 19, 2023

Thank you Trudy, but that's an absolutely terrible idea. I don't want to have multiple accounts for the same user. 

I really have trouble understanding why I - as an admin - cannot update a user's email address. It makes zero sense to me.

I don't think I have the depth of knowledge in this particular aspect of the Atlassian Cloud system to explain it to you adequately, but I'll try. If my explanation does not satisfy you, you might want to open a support case directly with Atlassian Support to see if they can provide a more satisfactory answer.

The bottom line is you don't own that user's Atlassian account so you can't change that account. 

Atlassian Cloud accounts are based on email addresses. A company that has its own email can "claim" that domain within the Atlassian Cloud ecosystem and they will subsequently "own" the accounts that use that email domain. They can establish authentication policies for Atlassian Cloud access in general which would be applicable to accounts in their email domain that try to login to Atlassian Cloud.

You would be able to do the same for accounts created from emails that are in the email domain your company has claimed.

After logging in to Atlassian Cloud, then the account may have access to multiple unrelated Atlassian Cloud sites and products. The owners of each of those sites/product establish the Atlassian Cloud accounts that are allowed to access the site/product, but that does not give them ownership of the user account.

For accounts outside of any email domain you have claimed, you have no ownership. Your control is limited to how those accounts are allowed to access your Atlassian Cloud assets. You are not the owner of the account and have no admin rights to it. The account is either owned by the owner of the email domain, or it is owned by the individual.

For instance, I created an Atlassian Cloud account using a Gmail address. Google has not claimed the gmail.com domain within Atlassian Cloud, so I was able to set up an Atlassian Cloud account with that email address and a password of my choosing. I can change the password on that account at any time.

A company I work with has established a presence in the Atlassian Cloud. They have decided that people within their email domain (i.e. xyz.com) need to use their company domain authentication when accessing Atlassian Cloud. Within Atlassian Cloud that company has claimed the domains associated with their company email. That makes them owners of any account that uses their company email domain for Atlassian Cloud access. That company is able to control the password and MFA for such accounts. If you gave me access to your Atlassian Cloud products via that same account, that would not entitle you to make changes to my Atlassian account tied to my trudy@xyz.com email address.

If you want to be able to manage the details of a user's account that user must use an account created based on an email domain that you have claimed.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events