Suggestion
Resolution: Unresolved
6
Problem:
In Azure AD, admins can configure attributes for matching between the source and target systems. The following attribute mapping setup can be configured.
Azure Active Directory Attribute | AtlassianCloud Attribute | Matching precedence |
---|---|---|
 | emails[type eq "work"].value | 1 |
 | userName | 2 |
In this specific setup, Azure will try to query the emails[type eq "work"].value SCIM attribute for matching purposes, but this will fail because we do not support this filter on the Atlassian side.
Resource : https://api.atlassian.com/scim/directory/DIR_ID/scim/Users?filter=emails[type+eq+"work"].value+eq+"user@email.com"
Operation: GET
Response Status Code: BadRequest
This is quite confusing for admins for the following reasons:
- userName is a supported filter on SCIM but there is no userName attribute on the Atlassian Accounts. The SCIM username value is not easily visible to Atlassian organization administrators.
- emails[type eq "work"].value is the attribute that dictates the email address value for the Atlassian account. This is visible to Atlassian organization administrators.
Suggestion:
Support emails[type eq "work"].value as a filter on the SCIM Users endpoint
Workaround
Do not match the emails[type eq "work"].value attribute in Azure AD attribute mapping.
Azure Active Directory Attribute | AtlassianCloud Attribute | Matching precedence |
---|---|---|
 | userName | 1 |
 | emails[type eq "work"].value | <EMPTY> |
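As an added illustration (not Atlassian's or Microsoft's code), this sketch evaluates the two filter shapes from the ticket over constructed SCIM user records, showing what the requested `emails[type eq "work"].value` filter selects and how a `userName` match can land on a different account. The helper names, the sample users and the case-insensitive comparison are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample directory: ids, userNames and addresses are made up.
USERS = [
    {"id": "u1", "userName": "a1b2c3",
     "emails": [{"type": "work", "value": "user@email.com"}]},
    {"id": "u2", "userName": "user@email.com",
     "emails": [{"type": "work", "value": "other@email.com"}]},
    {"id": "u3", "userName": "d4e5f6",
     "emails": [{"type": "home", "value": "user@email.com"}]},
]

# The two filter shapes from the ticket, in RFC 7644 filter syntax.
SIMPLE = re.compile(r'^(\w+) eq "([^"]*)"$')
VALUE_PATH = re.compile(r'^(\w+)\[(\w+) eq "([^"]*)"\]\.(\w+) eq "([^"]*)"$')

def filter_from_url(url):
    """Decode the filter query parameter ('+' decodes to a space)."""
    return parse_qs(urlsplit(url).query)["filter"][0]

def same(a, b):
    # Case-insensitive comparison is an assumption of this sketch.
    return str(a).lower() == str(b).lower()

def match_users(users, scim_filter):
    """Return ids of matching users; ValueError stands in for HTTP 400."""
    m = VALUE_PATH.match(scim_filter)
    if m:
        attr, sub_key, sub_val, leaf, wanted = m.groups()
        return [u["id"] for u in users
                if any(same(e.get(sub_key, ""), sub_val)
                       and same(e.get(leaf, ""), wanted)
                       for e in u.get(attr, []))]
    m = SIMPLE.match(scim_filter)
    if not m:
        raise ValueError("invalidFilter")
    attr, wanted = m.groups()
    return [u["id"] for u in users if same(u.get(attr, ""), wanted)]

URL = ('https://api.atlassian.com/scim/directory/DIR_ID/scim/Users'
       '?filter=emails[type+eq+"work"].value+eq+"user@email.com"')

if __name__ == "__main__":
    f = filter_from_url(URL)
    print(f, "->", match_users(USERS, f))
    print(match_users(USERS, 'userName eq "user@email.com"'))
```

With these constructed records the work-email filter and the `userName` filter resolve the same address to two different accounts, which is why the choice of matching attribute matters when the `userName` value is not visible to administrators.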
[ACCESS-1424] Support the SCIM user filter for 'emails[type eq "work"].value'
Support reference count | Original: 5 | New: 6 |
Support reference count | Original: 4 | New: 5 |
Labels | New: guard-s8 |
Support reference count | Original: 3 | New: 4 |
Support reference count | Original: 2 | New: 3 |
Support reference count | Original: 1 | New: 2 |
Description |
Original:
h3. *Problem* :
In Azure AD, admins can configure attributes for [matching|https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes#matching-users-in-the-source-and-target--systems] between the source and target systems. The following attribute mapping setup can be configured.
||Azure Active Directory Attribute||AtlassianCloud Attribute||Matching precedence||
|userPrincipalName|emails[type eq "work"].value|1|
|userPrincipalName|userName|2|
In this specific setup, Azure will try to query the _emails[type eq "work"].value_ SCIM attribute for matching purposes but this will fail because we do not support this filter on Atlassian side.
{code:java}
Resource : https://api.atlassian.com/scim/directory/DIR_ID/scim/Users?filter=emails[type+eq+"work"].value+eq+"user@email.com"
Operation: GET
Response Status Code: BadRequest
{code}
This is quite confusing for admins for the following reasons
* _userName_ is a supported filter on SCIM but there is no userName attribute on the Atlassian Accounts. The SCIM username value is not easily visible to Atlassian organization administrators.
* _emails[type eq "work"].value_ is the attribute that dictates the email address value for the Atlassian account. This is visible to Atlassian organization administrators.
h3. *Suggestion :*
Support _emails[type eq "work"].value_ as a filter on the [SCIM Users endpoint|https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-users/#api-group-users]
h3. *Workaround*
Do not match the _emails[type eq "work"].value_ attribute in Azure AD attribute mapping.
||Azure Active Directory Attribute||AtlassianCloud Attribute||Matching precedence||
|userPrincipalName|userName|1|
|userPrincipalName|emails[type eq "work"].value|<EMPTY>|
New:
h3. *Problem* :
In Azure AD, admins can configure attributes for [matching|https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes#matching-users-in-the-source-and-target--systems] between the source and target systems. The following attribute mapping setup can be configured.
||Azure Active Directory Attribute||AtlassianCloud Attribute||Matching precedence||
|mail|emails[type eq "work"].value|1|
|mail|userName|2|
In this specific setup, Azure will try to query the _emails[type eq "work"].value_ SCIM attribute for matching purposes but this will fail because we do not support this filter on Atlassian side.
{code:java}
Resource : https://api.atlassian.com/scim/directory/DIR_ID/scim/Users?filter=emails[type+eq+"work"].value+eq+"user@email.com"
Operation: GET
Response Status Code: BadRequest
{code}
This is quite confusing for admins for the following reasons
* _userName_ is a supported filter on SCIM but there is no userName attribute on the Atlassian Accounts. The SCIM username value is not easily visible to Atlassian organization administrators.
* _emails[type eq "work"].value_ is the attribute that dictates the email address value for the Atlassian account. This is visible to Atlassian organization administrators.
h3. *Suggestion :*
Support _emails[type eq "work"].value_ as a filter on the [SCIM Users endpoint|https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-users/#api-group-users]
h3. *Workaround*
Do not match the _emails[type eq "work"].value_ attribute in Azure AD attribute mapping.
||Azure Active Directory Attribute||AtlassianCloud Attribute||Matching precedence||
|mail|userName|1|
|mail|emails[type eq "work"].value|<EMPTY>|
Support reference count | New: 1 |