This feature is now in development. 

Hi e902c0832f88, 

my customer ABB Poland came back to me asking for an update. 

I asked my contact to provide details on their use case and the severity for them. Please note the following:

In ABB the use case is to separate External Users with those with API access and those without API access, and test policy allows us to add only 5 members, which is limiting our needs.

Priority: high

It would help a lot to hear your timely feedback as ABB Poland has recently upgraded to the cloud and ABB Headquarters has lined up additional subsidiaries (Germany, Italy and Singapore) for an upgrade. And we would like to be as responsive as possible. Even if the timeline is a bit down the road. At least they then know and can decide on next steps

We have 1000 externals on our system from dozens of companies. One external policy is very limiting.

Related issues: ID-8532 and ACCESS-1612

Similar to others, we have 400 external users, each with different IDP's(Entra, Google, none) so I need the ability to push certain external users to a policy that they can utilize and the rest into OTP.  If I'm forced to choose I currently only can setup OTP.  This needs action.

We need this urgent too and have been waiting since month for a solution. I don't know why Atlassian implemented it so badly by only leaving one option?

We are an enterprise sized organization. We provide services to similar enterprise sized organizations. We would like to cooperate with them in Jira for ticketing.

Currently we cannot have SSO setup for our different customers, as one IDP has to be chosen for all external users. 

If we setup SSO, and even one of our customer is unable / unwilling to use it, we cannot onboard them to JIRA.

Atlassian advertise its products with huge efficiency gain. If we cannot use Federated Identity Management and manually has to manage hundreds of users, we won't see any gain. This functionality is not adequate on enterprise level.

For each IDP we should be able to set SSO / OTP separately or a setting that the SSO is provided by the IDP the user is provisioned from.

eee30c920d0f Our organization would use IDP groups to better control the access for external users, but I don't see why the functionality should be any different then the Managed Users. Are you still in the information gathering stage for this change, or can we expect any delivery of this functionality soon? Thanks in advance.

eee30c920d0f I would just like to see an additional policy, where we can add users manually (or via CSV). IDP groups would be a nice feature, but we dosnt need it right now. Its important for us to have another policy in place immediately so we can get started with our first customer.

Understood and we have all or none today (except for the test policy which is very limited). Hypothetically how would go incremental? If we decide to support this in the future, how would you plan to roll this out? Would you use Identity provider Groups / Roles / Domain levels or just use a CSV file with a list of users? 

we would like to switch our user policy for our external users to SSO, but we would like to do this step by step for each customer without having a big-bang. This is currently not possible because there are only two policies and the one of them - the test policy - only allows a maximum of five members.