409 error when attempting to update email address via user provisioning

Still need help?

The Atlassian Community is here for you.

Ask the community

For Atlassian eyes only

This article is Work In Progress and cannot be shared with customers.

Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.

  

Summary

Upon changing a synced managed account's email address via user provisioning, the following message is displayed at the Troubleshooting log tab under User provisioning:

{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"409","scimType":"uniqueness","detail":"Resource [USER]: with email[example@example.com] already exists."


Diagnosis

Since removing the user from a site will not delete the account, it is possible to review it at the organization level. To do so, the following steps can be done:

 It is necessary to be an organization administrator to access this part.

  1. Go to https://admin.atlassian.com and select the organization with the domain verified for the account in question.
  2. Under the organization, select Directory > Managed accounts
  3. Search for the user's account


Can't find the account?

If the account is not visible at the directory level, this might indicate that it is still unverified. In this case, the following can be checked:

  • The account needs to authenticate/log-in at the Atlassian account first in order to be verified.
  • The account needs to confirm its creation in the inbox, which is a process that is part of the Atlassian account creation.
  • The account is not properly linked with the identity provider side, avoiding the authentication to happen and finish the verification.

Cause

Although the email change is performed on the identity provider side, an email address can only be tied to a single Atlassian account. If the change coming from the identity provider points to a different user, the update will not be propagated. To move forward with the change, it is necessary to free the already existing email address. 

Solution

After identifying the account, to free its email address and sync the change one of the alternatives below can be used:


Last modified on Dec 24, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.