How to Prevent duplication of accounts in Jira Service Management.
Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.
Understanding Duplication of Accounts
Duplication of accounts occurs when a single user has both an Atlassian account and a portal-only customer account using the same email address on your site. This typically happens if a user is initially invited as a portal-only customer and later an Atlassian account is created for them using the same email. This results in two separate accounts for one user.
This article will help you understand why account duplication happens and provide guidance on preventing it in the future. For detailed information on how duplicate accounts impact permissions and steps to resolve issues for existing accounts, please visit our Permission and Access Issues Due to Duplicate Accounts.
What Controls the Creation of Portal-Only Accounts?
Portal-only account creation is governed by the Customer Access settings within your Atlassian site, specifically when external portal-only customers are permitted. When this setting is enabled, three scenarios can lead to the creation of portal-only customer accounts:
Agents Adding Customers: When agents add users under the "Customers" section of a project.
Request via Email: When users raise a request by sending an email.
- Customers can sign up from portal: Customers access the Help Center and are prompted to sign-up.
For more detailed information on configuring customer access settings, please refer to our guide on Customer Access Settings.
How Do Accounts Get Duplicated?
Account duplication occurs when an Atlassian account is created after a portal-only account already exists. This can happen in several ways:
Manual Addition by Admin: An Atlassian Organization admin manually adds the user, resulting in duplication due to human error. We have a feature request to avoid this:
ID-7151 - Getting issue details... STATUSProvisioning from Identity Provider (IDP): A delay in provisioning can lead to duplication if the user is added from an IDP after a portal-only account has already been created.
Sign-Up via Approved Domains: Users signing up for an Atlassian account through approved domains can cause duplication. This is a common scenario where approved domain access takes precedence.
Portal-only accounts are often created when agents add users via Project > Customers or when customers raise requests by emailing the project's configured address.
However, when accessing the portal, an Atlassian account is automatically created during signup if the user's email domain is approved.
Even if customer access settings have approved domains turned off, the approved domains configured in the Admin Hub take precedence when users access the Help Center. For more details, see our guide on Control how Users get Access to Products.
Customers on approved domains (Jira Service Management only):
Must create an Atlassian account before accessing your help center.
Can join your selected help center with or without an invitation.
Must verify their account every 6 months.
These processes can inadvertently lead to the creation of duplicate accounts
How to Resolve and Prevent Duplicate Account Issues
To effectively manage and prevent duplicate accounts, follow these best practices:
Awareness and Training for Admins: Ensure that admins responsible for user management are well-informed about the processes. They should avoid inviting users who already have a portal-only account to prevent duplication.
Migrating Accounts: When an external customer needs access to internal products like Jira or Confluence, Migrate their Portal-only account to an Atlassian account. This migration helps avoid permission issues and streamlines access management.
Regular Provisioning and Approved Domain access to specific domains: Ensure regular user provisioning and include specific domains as approved domains. This practice ensures users start with an Atlassian account, reducing the chance of duplication.
- Configure Approved domains: Configuring the Approved domains section such that only internal customers are provided with access. You need to be an ORG Admin to perform these changes.
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Products > User access settings > Approved domains.
For a Specific Domain: Select the domain you want to configure. Adjust the settings as needed to prevent duplication.
For Any Domain: If duplicate account issues occur across multiple domains, select Any Domain. A pop-up will appear showing all product roles associated with any domain.
- Allowing the customer role for "Any Domain" enables portal-only customers to sign up using an Atlassian account. For Jira Service Management, remove the Product role provided and change it to No role:
Once the role is removed, customer accounts will be managed according to the Customer Access Setting configuration. Customers will be prompted to either configure their existing portal-only account or create a new portal-only account as needed.
If the above configuration changes do not resolve the duplication problem or if you continue to encounter customers with duplicate accounts, please don't hesitate to contact our support team.