This issue could be faced if the user is not assigned to any of the groups with Global Permissions. The default groups with Global Permissions are –
- JIRA – jira-software-user, jira-developer
- Confluence – confluence-user, confluence-developer
- Bitbucket – stash-user
This can be fixed by configuring groups with Global permissions for the user in the User Groups tab. Depending on the method used for group mapping the settings to be configured are –
1. Manual Group mapping –
For Manual Group mapping at-least one of the groups coming from Identity Provider should be mapped to a group with Global Permissions in the Service Provider.
2. On-The-Fly Group mapping –
There are two ways to make sure that the user is added to a group with Global Permissions for On-The-Fly Group mapping :
- Manually add the user to required groups in the service provider User settings, then in the User groups tab uncheck the option Keep Existing User Groups and add the required groups to the Exclude Groups field.
- Give Global Permissions to at-least one of the groups coming from identity provider by going to General Settings > Global Permissions in the service provider.
An alternative to the above methods could be to add at least one group with Global Permissions to the Default Groups field so that the user is assigned to the required groups upon SSO.
Note: To check which groups have Global Permissions or to give the permissions to your own groups, go to the General Settings > Global Permissions.