• 19
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      At the moment, provisioning in cloud requires different services to work together to sync the group membership data into a cloud site. As such the group membership changes on the IDP side may sometimes not take effect immediately on the Atlassian cloud site.

      Suggestion:

      • Provide a way to notify the end-users once the group membership changes have been applied on the cloud site. This is to indicate that the end-user has the proper license/permission to access data.
      • Provide a way to notify admins when there is an issue/error with IDP SCIM provisioning
      • Notify admins whenever accounts are provisioned or deactivated.

            [ACCESS-1208] Notification service for SCIM provisioning

            It's pretty terrible that there's no notification when provisioning breaks.

            jlevine@intermedia.net added a comment - It's pretty terrible that there's no notification when provisioning breaks.

            Agreed thius wold be useful - all to often users will raise their access reqeust via a different system (ours is called SailPoint IIQ). This handles the users line manager and group approvals, and once those approvals are complete the user receive notifcation - at this point they try to access their Atlassian product and are greeted with an error (from the IDP at this point, which is Azure AD)...

            So what happens - they log an incident against Atlassian..

             

            The reality is IIQ has not yet sync'd with Azure, and Azure has not yet sync'd to Atlassian via provisioning (which is a 40 minute cycle). 

             

            Having some notiication from Atlassian won't immediately solve this problem for eager (or impatient) users but it will help.

             

             

            Dale Fernandes added a comment - Agreed thius wold be useful - all to often users will raise their access reqeust via a different system (ours is called SailPoint IIQ). This handles the users line manager and group approvals, and once those approvals are complete the user receive notifcation - at this point they try to access their Atlassian product and are greeted with an error (from the IDP at this point, which is Azure AD)... So what happens - they log an incident against Atlassian..   The reality is IIQ has not yet sync'd with Azure, and Azure has not yet sync'd to Atlassian via provisioning (which is a 40 minute cycle).    Having some notiication from Atlassian won't immediately solve this problem for eager (or impatient) users but it will help.    

              maho Matthew Ho (Inactive)
              rmacalinao Ramon M
              Votes:
              15 Vote for this issue
              Watchers:
              20 Start watching this issue

                Created:
                Updated: