Why is the user's email in Jira getting overwritten, if using SAML SSO for user provisioning?
Why is the user's email in Jira getting overwritten?
What is the problem?
If you have configure our SAML Single Sign-On plugin to create and update or even sync users via User Sync it uses the information from the Identity Provider as the source of truth. Any fields that you synchronizing or that map to the SAML responds will always get overwritten if you change them manually. That's just the nature how our plugin works today. If anything changes in the IdP it replicate the change but if you did your change manually it compares those information and take the one from the Identity Provide. After that it will update the information and overwrite it. Nowadays it is just like it is and there is no workaround. There will be a feature in the future.
Learn more here.
How to create or update users through SAML attributes?
Identity Provider Configurations
Set up your Identity Provider to deliver attributes for userid, email address, full name and optional group assignments in the SAML response. The configurations for the Identity Provider attribute mapping is always different. Please check your Identity Provider documentation for further informations/help.
SAML Single Sign On Configurations
Go to the SAML Plugin configuration page.
Enable the checkbox Enable User Creation or Update (Enable user update + Create new users in the newer versions) to activate the creation/update functionality. The enabled checkbox opens the attribute fields for further configurations.
Enter or select the SAML attribute names delivered by the Identity Provider for Userid, Full Name, Email and Group. If you have imported metadata containing friendly names for these attributes, you can use the select boxes.
Save the configurations.
Perform a Single Sign On and check if the user is correctly created/updated by all sent informations from the Identity Provider (SAML Attributes).