Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions docs/organization/authentication/sso/azure-sso.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,19 @@ If you change your organization slug, you'll need to make the same update in the

- If you made changes, click "Save Settings" to complete your setup.

### Self-Hosted Installation

If you created an account in Sentry using the same email as your Azure/Entra ID account before configuring SSO, the invitation email may not arrive (for non-public instances), leaving the account unlinked. This process requires a colleague (User B) who can log in via SSO and temporarily take over ownership.

1. Log in to your self-hosted Sentry instance using your existing account — we'll call this User A.
2. Ask someone else to log in through SSO and confirm it creates a new account for them — we'll call this User B.
3. User A needs to assign the "Owner" role to User B.
4. User B needs to remove User A's account from the Sentry instance.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The SSO workaround documentation instructs an admin to remove a user account without warning that this action is destructive and causes irreversible data loss.
Severity: HIGH

Suggested Fix

Add a prominent warning or callout in the documentation before the step that instructs the administrator to remove the user account. This warning should clearly state that the action is destructive, irreversible, and will result in the permanent loss of all data associated with that user account.

Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.

Location: docs/organization/authentication/sso/azure-sso.mdx#L91

Potential issue: The documentation for an Azure SSO workaround instructs an
administrator to remove a user's account from the Sentry instance as part of the
process. However, it fails to include a warning that this is a destructive and
irreversible action. Performing this step will result in the permanent loss of the
user's associated data, including API tokens, saved searches, and dashboards. The
subsequent step involves creating a new account via SSO, not restoring the original one,
making the data loss permanent.

Did we get this right? 👍 / 👎 to inform future reviews.

5. User A logs in through SSO. If prompted to merge accounts, choose "No, thanks". The new account should now be properly created and linked to the Azure account. You may need to use incognito mode, or clear all browser cookies and session data, before logging in.
6. User B can re-assign the "Owner" role back to User A.

Credits to [Adamar_Work on Discord](https://discord.com/channels/621778831602221064/796028405833007104/1483484392239398954) for the solution.

## SCIM Integration

<Alert>
Expand Down
Loading