-
Suggestion
-
Resolution: Fixed
-
28
-
-
Currently the mapping can't be customized.
Limitations of Azure AD for nested groups
It would be great if it can be customized like SCIM integration.
- is duplicated by
-
- Closed
- is related to
-
- In Progress
[ACCESS-1560] Allow custom attribute mapping for Azure AD sync
We will be adding the ability to sync user principal name (UPN) attributes as the primary identifier for users. This will be available by the end of 2024. We will update this ticket when this is available and provide links to support documentation.
All comments
We are happy to let you know that UPN sync for Entra is now available! We have rolled out to 50% with full launch by the end of this week.
You can find more information here:
https://support.atlassian.com/provisioning-users/docs/set-up-sync-settings/
Please leave comments on this ticket with any questions or clarifications needed in the support documentation, we will make sure to address them.
Thank you!
d056dd6d7b90 For the UPN would we have the ability to store the UPN (and view it in Jira) but not make it the primary user key? We share our UPN with our parent company but our Jira key is our own companies email address. It would be useful to be able to see the UPN but it must not be the key as we do not own the domain in Guard. Our parent company owns that domain in their instance of Guard.
d056dd6d7b90, does this cover the Display Name mapping as well so we can map Atlassian's display name to First + Last?
We will be adding the ability to sync user principal name (UPN) attributes as the primary identifier for users. This will be available by the end of 2024. We will update this ticket when this is available and provide links to support documentation.
For our organization it would be a deal breaker as well UPN would enable us to use our existing nested-AD groups. Without the possibility we can't lever the full potential of AD sync and it remains double-work and unclarity in the org about which existing AD groups can be used in Atlassian and which not.
Nested groups would make permission management much easier and secure!
Being able to specify what the Atlassian Display Name maps to (e.g. First Name + Last Name) is very important for our implementation. Our directory's displayName is set to "Last, First" for legacy software, but we would obviously like Atlassian applications to display names in the more natural "First Last" format. This simple fix would be a significant quality-of-life win.
We have actively started investigating this feature and will provide more updates as we have them.
Please implement this! This is a deal breaker. We use the UserPrincipleName (UPN) field to provide a standardized account/email for use by all users in our managed domain. This allows us to keep our system managed and secure.
We have some users (such as contractors or agents) who use the UPN/account to access our SSO/systems, but they have a different “email” address (UPN is our corporate address and the "email" field is their own.)
Without the ability to pass the UPN instead of the "email" field, we cannot use the nested group feature. Deal breaker.
Thanks,
Mark
Hi,
On our site, we identify users with the same name by including a portion of their UPN (User Principal Name) in the displayName of Atlassian Cloud. This functionality is essential for our Service Desk team.
Without the implementation of this feature request, we will not be able to switch to nested provisioning.
Can you confirm if we can now map the Atlassian user display name properly now? I don't see it in the linked doc, so I assume not.