The user provisioning feature provided by Atlassian Access allows organizations to centralized their group membership management via a third party AD.

• Provisioned groups can be configured for product access settings (license)
• Provisioned groups can be configured for application administration settings
• Provisioned groups can be configured for application permission settings

What is left to completely offload the group membership maintenance is the site-admin role. Organizations need to maintain a list of site-admin users locally on the cloud site instead of via a third party AD.

Suggestion : When user provisioning is enabled, allow the site-admin role to be assigned to a custom provisioned group.