After 2.0.0 version

After version 2.0.0 when there are changes in group membership, LO now add the user to the access group for every processed request before authorization checks are performed. If the user is not authorized, it will be removed after a certian time.

This means, that you can also configure your SSO (and sometimes it is recommended) to add users to the groups providing application access during authentication with SSO.

You can configure your SSO to

• add the users to the Login Group (only for new users that did not have this group memebership)

• add the users to the Access Group, providing access to them by the SSO.

If the user is added to the Access Group by SSO, but it is not member of the Login Group. LO will remove the user from the access group and its access to the application.

Before 2.0.0 version (< 1.6.5)

While License Optimizer supports integration with Single Sign-On (SSO) solutions, it's important to note that certain restrictions apply to ensure optimal functionality.

SSO implementations should focus solely on handling user authentication, allowing users to access multiple applications, including Jira, with a single set of credentials. However, it is crucial that the SSO solution does not modify the membership of the configured Access group. Any attempts to add or remove users from this group through SSO could result in discrepancies that may impact the proper functioning of License Optimizer.

Introducing changes to this group outside of the License Optimizer environment can lead to inconsistencies between the group members and the users stored in the app's cache.