-
Suggestion
-
Resolution: Done
-
135
-
At this moment, we do not have admin API endpoints to manage Atlassian Organization authentication policies.
It will be desired to have API endpoints covering these points:
- Adding and removing users to a specific authentication policy.
- Change configurations for authentication policy.
- is related to
-
- Gathering Interest
- relates to
-
- Gathering Interest
-
ENT-316 Loading...
- mentioned in
-
Page Failed to load
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
[ACCESS-1044] Manage Authentication Policies via admin API
Thank you for continued feedback on this feature request. We have updated the Public APIs to include an API that returns the authentication policies for managed users in an org:
- DAC documentation: https://developer.atlassian.com/cloud/admin/control/rest/api-group-authentication-policies/#api-group-authentication-policies
- Cookbook for usage: Cookbook for authentication policy
All comments
Thank you for continued feedback on this feature request. We have updated the Public APIs to include an API that returns the authentication policies for managed users in an org:
- DAC documentation: https://developer.atlassian.com/cloud/admin/control/rest/api-group-authentication-policies/#api-group-authentication-policies
- Cookbook for usage: Cookbook for authentication policy
Nice feature, but still very much incomplete!
- There's no API to list the authentication policies
- There's no API to list the users in the individual authentication pollicises
This new API is very limited without an API for listing the users in a given policy.
What's even more sad is that Atlassian has all the APIs for this but private.
And there's still the problem that, once a provisioned user is removed from the provisioning, it remains locked in the policy and it cannot be moved to a new policy until it's deleted.
Atlassian, you can do better than this 
The Public API's for adding users in auth policies are now available:
- DAC documentation: https://developer.atlassian.com/cloud/admin/control/rest/api-group-authentication-policies/#api-group-authentication-policies
- Cookbook for usage: Cookbook for authentication policy
As our company does not provide SCIM yet, we're in a need adding/removing new/left users automatically.
Not being able for security policies opens a big security hole providing lot of manual work too no man power is available for
Peter
As df03f901140c mentioned , there is a workaround you can use -> the Bulk entry feature.
Go to the authentication policy you want the users be added > tab members > Add members > Bulk Entry > Select CSV file. Put only the emails on the csv file. And then, hit add members to finish the process and add the users in bulk.
This is extremely important for identity management and the lack of this feature creates significant cyber risks for your customers.
This would be really nice, I pay for the security bundle so I can do SSO for my users but have to manually move each new user over to the appropriate authentication policy.
For others looking for this there is a bulk update to import a CSV file in the Authentication Policy so those looking to do a once off mass migration just use the bulk update button.
Is there an API endpoint to list the existing authencation policies in order to get their IDs?
Currently I can only get the IDs by "knowing" a managed user that is in a certain policy and calling the endpoint to get the users policy assignment.