
      At this moment, we do not have admin API endpoints to manage Atlassian Organization authentication policies.

      It would be desirable to have API endpoints covering these points:

      • Adding and removing users to a specific authentication policy.
      • Changing configurations for an authentication policy.

            [ACCESS-1044] Manage Authentication Policies via admin API

            Pinned comments

            Holly Makris (Inactive) added a comment -

            Thank you for continued feedback on this feature request. We have updated the Public APIs to include an API that returns the authentication policies for managed users in an org:

            DAC documentation: https://developer.atlassian.com/cloud/admin/control/rest/api-group-authentication-policies/#api-group-authentication-policies
            Cookbook for usage: Cookbook for authentication policy

            All comments

            Rosivatz Kurt added a comment -

            Is there an API endpoint to list the existing authentication policies in order to get their IDs?

            Currently I can only get the IDs by "knowing" a managed user that is in a certain policy and calling the endpoint to get the user's policy assignment.


            Davide Trombini added a comment - edited

            Nice feature, but still very much incomplete!

            • There's no API to list the authentication policies
            • There's no API to list the users in the individual authentication policies

            This new API is very limited without an API for listing the users in a given policy.

            What's even more sad is that Atlassian has all the APIs for this but private.

            And there's still the problem that, once a provisioned user is removed from the provisioning, it remains locked in the policy and it cannot be moved to a new policy until it's deleted.

            Atlassian, you can do better than this

            Holly Makris (Inactive) added a comment -

            The Public APIs for adding users in auth policies are now available:

            DAC documentation: https://developer.atlassian.com/cloud/admin/control/rest/api-group-authentication-policies/#api-group-authentication-policies
            Cookbook for usage: Cookbook for authentication policy

            peter.auslaender@otis.com added a comment -

            As our company does not provide SCIM yet, we're in need of adding/removing new/left users automatically.
            Not being able to do this for security policies opens a big security hole, providing a lot of manual work too that no manpower is available for.

            Peter

            Figueiredo, Victor added a comment - edited

            As df03f901140c mentioned, there is a workaround you can use -> the Bulk entry feature.

            Go to the authentication policy you want the users to be added to > tab members > Add members > Bulk Entry > Select CSV file. Put only the emails in the CSV file. And then, hit add members to finish the process and add the users in bulk.

            Roger Delph added a comment -

            This is extremely important for identity management and the lack of this feature creates significant cyber risks for your customers.

            Matt Lee added a comment -

            This would be really nice, I pay for the security bundle so I can do SSO for my users but have to manually move each new user over to the appropriate authentication policy.


            Ben Penney added a comment -

            For others looking for this there is a bulk update to import a CSV file in the Authentication Policy so those looking to do a once off mass migration just use the bulk update button.

            dzungh added a comment -

            We need this ability to manage Authentication Policies via admin API. Please expedite. Thanks.


            Any ETA?

            Andre Engelke added a comment -

            I have to move 1000+ users now from one policy to another after we have integrated with Azure AD. This feature will really come in handy!

            Rajendra Kusumba added a comment -

            Apart from managing Authentication Policies, at the very least there is no API for information about which Authentication Policy a user belongs to.

            +1

            Mallik Divvela {Appfire} added a comment -

            We need this ability to Manage Authentication Policies via admin API. Please add this ASAP.

            Manoj Parihar added a comment -

            I was going through the organization REST API doc and I thought great we have the get list of policies API to get the authentication policies. But it's sad to know that the authentication policies are not included in this API.

            Please add this support ASAP.

            Moses Thomas added a comment - edited

            This is actually very important, I was looking for this and then I stumbled here. It would be great to get all the users in a particular policy via API for automation, for example automatic deactivation of accounts (not logged in, inactive for 45 days, for example)

            Pls also add this in the description: currently we can export users from the UI via CSV

            Dan Holdsworth added a comment -

            This is currently the only element that is holding up our automation of complete end to end user creation.

            Dirk De Mal added a comment -

            +100 for this...

            IT Team added a comment -

            Having this capability and the ability to add all future and current members of an Atlassian group to a particular security policy should be higher priorities. As it stands the current manual solution is not scalable. 


            WPG added a comment -

            We have not claimed our other domain names due to this issue.


            Dan Tombs added a comment -

            This is incredibly important for us. We automate External user accounts getting created and deactivated etc. However we need to be able to ensure an easier way that these users are given the correct authentication policy when being created.


            Chris.Kinsman added a comment -

            We also need this to ensure that users are put into a policy that requires SSO. We can't enable it on our default policy and we can't set our cloud site to require a specific authentication policy so we are kind of stuck

            GI added a comment - edited

            My 2 cents about this. Having API endpoints for each functionality in the UI should be a must and a default implementation as long as documenting a feature for every application especially if SaaS.

            Not having API and not having an automated way to move users from a policy to another one, not even having the possibility to see who is part of what policy in the API is a huge overhead for big companies. I can't ask my team to go and check an interface every day to see if anyone has to be moved to a different policy because otherwise we will be billed additional money even though we are paying for a cloud product already.

            Especially when the Trello in Atlassian Access experience is definitely not enterprise and not aligned to what the experience in Jira and Confluence Cloud have, and there are many manual steps in order to grant people access to the correct policy and grant them a license in Trello.

            It is 9 clicks in the UI from when you log in to Access and you move one user to a different policy.

            Arnt Witteveen added a comment -

            Issue created over a year ago, and it is obvious that it's a big need for any big company, yet after a year it's still "gathering interest"...

            mlhess added a comment -

            We have 29,000 users?  How is this not a feature? 


            Adam Kennedy added a comment -

            This is required for our Organization too. We need to automatically scope 100s of users between billable and non-billable. We pay a premium for Atlassian Access (Atlassian being the only SaaS company I have come across that seems to charge for SSO) and basic features are just not available.

            Orit Nachshon added a comment -

            For our organization - we need the APIs to move from default policy which we can't force SSO to the billable / non billable policy.

            We need to do it on a regular basis and currently need to use RPA tool for that, which has its own set of problems.

            So API usage is very critical for us.

            Davide Trombini added a comment -

            I didn't want to believe when I was told about the many flaws of Atlassian Access when managing large organizations.

            This product needs APIs to support automation and scripting.

            Anyhow, can you please plan this issue and give us an estimated release date?

            Bryan Guffey added a comment -

            This needs to be in play. What is the timeline on this?

            Alejandro Villalobos [atSistemas] added a comment -

            Totally necessary

            Aaron Matthys added a comment -

            How is this an enterprise product when it doesn't even have API access?!?

            Peter Heubeck added a comment -

            There are some serious flaws in how management of policy members can be done for large organizations.

            1. When adding user manually to a policy the web UI won't allow pasting text in the user lookup field, and the logic on who is found based on surname, last name or whatever (email does not work at all) is unclear, thus a VERY manual and time consuming task even for a few users.

            2. When looking at the policy member list in the web UI you can't search for users, and when several thousands of users are in each policy you have no choice but to (manually) every time export fresh lists of members for each policy and searching in those files instead.

            3. There is a REST API but it only allows creating and modifying policies, which would be the only tasks anyone would accept having to do manually, but adding members or listing members which everyone would like to automate in large organizations is not implemented, which should have been the first functionality to be implemented.

            All of this needs to be fixed, but highest priority must be to fix the REST API so policy members can be listed, added and searched for!

            Amir Ghaemian added a comment -

            As a global Enterprise company that's in high growth we have both acceleration in terms of acquisitions and internal teams. This makes it so there will be a bunch of exceptions to our default ATL Access authentication policy we will need to handle.

            Right now it's totally manual and does cause problems where we are hesitant to allow certain sites to join the company Org due to the fact that this feature among some other user management features is not developed enough. We are a small team that manages ATL and the ability to automate and have control is crucial or we wouldn't be able to operate at the speed we need to. This is why APIs for these sorts of features are necessary.

            Hopefully this gets prio!

            Andrew Wood added a comment -

            I just came across this omission too. When I saw there was an API for policies I thought great we can automate adding users to our SSO policy taking a manual step out of our provisioning process but then I discovered that the authentication policies are not included in the API. If an API is not going to be implemented could we at least have an auth policy assignable during Okta provisioning in AA?

            Jeff Little added a comment -

            100% need this.

            At least need the following:

            Get list of Policies.

            Get users in a policy.

            Add user to Policy.

            Craig Castle-Mead added a comment -

            Hi,

            We're trying to manage 30,000 and growing users via Access, and we're struggling with the native UI/search functionality, so we're looking to an API so we can systemise checks. Surprising to see such a recently developed tool was not built with an API first approach. The Access UI uses admin/private APIs, however there doesn't seem to be a public equivalent and the API tokens won't auth against the admin/private versions.

            CCM

            Andrei Komolov added a comment - - edited

            at the very least, please add an option to export /get a list of members in a particular policy.

            with several policies with 500+ members each, it's hard to tell who's following which policy, which makes it a security concern


              Holly Makris (Inactive)
              Felipe Oliveira
              Votes: 298
              Watchers: 210