[ACCESS-648] Add the ability to provision unmanaged users through the user-provisioning feature

Type: Suggestion
Resolution: Fixed
Component/s: IdP SSO - Google Cloud (G Suite)
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Release Update

Hi Everyone,

I'm pleased to announce that we have shipped this feature request. If you configured your SCIM connection after November 15, 2020, your SCIM connection supports syncing unmanaged users. All user in your identity provider group will sync to Atlassian

If your SCIM connection was configured before November 15, 2020 you will need to opt-in to this feature. You can find more information about opting in on this blog post https://confluence.atlassian.com/cloud/blog/2021/01/easily-provision-users-from-outside-your-verified-domain-to-atlassian-products

Thanks,
Narmada Jayasankar
Product Manager, Atlassian Access

Problem Definition

Users may often want to use the user-provisioning feature to provision not only their managed users but also third-party users which they don't own the domain but are part of their IdPs userbase.
Not being able to provision those users forces these customers into manually inviting them which can be painful depending on the size of their userbase.

Suggested Solution

Add the ability to provision unmanaged users into the user-provisioning feature.

Our ask to customers who would like to use this – please share with us the following input so that we understand the use cases more accurately:

1. Roughly, the number of users you plan to provision and manage from your IdP:

of managed users
of external users

2. Which IdP you (plan to) use:

is duplicated by

ACCESS-632 Ability to provision external users from non-verified domains to Atlassian cloud products

Closed

mentioned in: Page Failed to load; Page Failed to load; Page Failed to load; Page Failed to load; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(7 mentioned in)

Roopa Dass added a comment - 25/Sep/2023 9:38 AM

Hi Team- What are the advantages between syncing unmanaged users through SCIM and manually inviting them from within Jira ?

Roopa Dass added a comment - 25/Sep/2023 9:38 AM Hi Team- What are the advantages between syncing unmanaged users through SCIM and manually inviting them from within Jira ?

Narmada Jayasankar added a comment - 10/Feb/2021 1:08 AM

Hi Everyone,

Thanks,
Narmada Jayasankar
Product Manager, Atlassian Access

Narmada Jayasankar added a comment - 10/Feb/2021 1:08 AM Hi Everyone, I'm pleased to announce that we have shipped this feature request. If you configured your SCIM connection after November 15, 2020, your SCIM connection supports syncing unmanaged users. All user in your identity provider group will sync to Atlassian If your SCIM connection was configured before November 15, 2020 you will need to opt-in to this feature. You can find more information about opting in on this blog post https://confluence.atlassian.com/cloud/blog/2021/01/easily-provision-users-from-outside-your-verified-domain-to-atlassian-products Thanks, Narmada Jayasankar Product Manager, Atlassian Access

Anuradha Yadav added a comment - 29/Jan/2021 12:04 PM

Hi All,

Any update/progress here?

Regards,

Anuradha

Anuradha Yadav added a comment - 29/Jan/2021 12:04 PM Hi All, Any update/progress here? Regards, Anuradha

Peter Bance added a comment - 31/Dec/2020 9:36 AM

Good to see this is coming - specific scenario details for us:

Approx 200 regular users (from verified domain, SSO to Azure AD)
Approx 50 external users (using Guest accounts in Azure AD)

Interestingly, from the logs, the Azure AD auto-provisioning appears to work for these Guest users, but they do not appear in our products.

Peter Bance added a comment - 31/Dec/2020 9:36 AM Good to see this is coming - specific scenario details for us: Approx 200 regular users (from verified domain, SSO to Azure AD) Approx 50 external users (using Guest accounts in Azure AD) Interestingly, from the logs, the Azure AD auto-provisioning appears to work for these Guest users, but they do not appear in our products.

leigh.webster added a comment - 20/Dec/2020 10:26 PM

Glad to see this is finally in progress. However please also support OneLogin.

leigh.webster added a comment - 20/Dec/2020 10:26 PM Glad to see this is finally in progress. However please also support OneLogin.

Joao Garcia added a comment - 18/Nov/2020 5:38 PM

Hi, is there any workaround that doesn't involve creating users manually in Atlassian for un-managed accounts?

Joao Garcia added a comment - 18/Nov/2020 5:38 PM Hi, is there any workaround that doesn't involve creating users manually in Atlassian for un-managed accounts?

nicolas.gavard added a comment - 16/Oct/2020 1:52 PM

Hi all, same problems for us.

All external users are managed manually despite the use of access+azureAD.

The external user should be able to provide the domain (and so the IDP) that will authenticate him.

nicolas.gavard added a comment - 16/Oct/2020 1:52 PM Hi all, same problems for us. All external users are managed manually despite the use of access+azureAD. The external user should be able to provide the domain (and so the IDP) that will authenticate him.

fadi.matni added a comment - 24/Sep/2020 4:42 PM

Hi , we have the same issue we are using Azure AD (B2B)

Internal 400 Users

Guest more then 100 users we use Azure AD as IDP , we are adding manually the guest users for internal user id with the verified domain also it will nice if there is a way to add to your code for those guest users expiration date in their account thanks

fadi.matni added a comment - 24/Sep/2020 4:42 PM Hi , we have the same issue we are using Azure AD (B2B) Internal 400 Users Guest more then 100 users we use Azure AD as IDP , we are adding manually the guest users for internal user id with the verified domain also it will nice if there is a way to add to your code for those guest users expiration date in their account thanks

Benjamin Warren added a comment - 03/Feb/2020 10:39 PM

same issue for us.

200 internal users 50 external.

we use OKTA as our IDP for both, with onboarding via SCIM for internals.

at present we have to manually add users from external domains, and no neat way of presenting an external user a login interface (for our cloud instance of say Confluence or Jira) other than issueing an internal email address.

Benjamin Warren added a comment - 03/Feb/2020 10:39 PM same issue for us. 200 internal users 50 external. we use OKTA as our IDP for both, with onboarding via SCIM for internals. at present we have to manually add users from external domains, and no neat way of presenting an external user a login interface (for our cloud instance of say Confluence or Jira) other than issueing an internal email address.

joe_shomphe added a comment - 21/Dec/2019 5:18 PM

This is super important for us as well. Our user recertification is done for us in azure active directory. This includes both internal users and external b2c guests. The way access is currently designed completely breaks this functionality. We want to be able to manage all users and application access in a single place. This belongs in the identity provider.

joe_shomphe added a comment - 21/Dec/2019 5:18 PM This is super important for us as well. Our user recertification is done for us in azure active directory. This includes both internal users and external b2c guests. The way access is currently designed completely breaks this functionality. We want to be able to manage all users and application access in a single place. This belongs in the identity provider.

Assignee:: Narmada Jayasankar

Reporter:: André K. (Inactive)

Votes:: 26 Vote for this issue

Watchers:: 49 Start watching this issue

Created:: 08/Apr/2019 1:34 PM

Updated:: 04/Jan/2024 3:31 AM

Resolved:: 10/Feb/2021 1:08 AM

Details

Description

Problem Definition

Suggested Solution

Attachments

Issue Links

Forms

Activity

Collapse comment: Roopa Dass added a comment - 25/Sep/2023 9:38 AM

Expand comment: Roopa Dass added a comment - 25/Sep/2023 9:38 AM

Collapse comment: Narmada Jayasankar added a comment - 10/Feb/2021 1:08 AM

Expand comment: Narmada Jayasankar added a comment - 10/Feb/2021 1:08 AM

Collapse comment: Anuradha Yadav added a comment - 29/Jan/2021 12:04 PM

Expand comment: Anuradha Yadav added a comment - 29/Jan/2021 12:04 PM

Collapse comment: Peter Bance added a comment - 31/Dec/2020 9:36 AM

Expand comment: Peter Bance added a comment - 31/Dec/2020 9:36 AM

Collapse comment: leigh.webster added a comment - 20/Dec/2020 10:26 PM

Expand comment: leigh.webster added a comment - 20/Dec/2020 10:26 PM

Collapse comment: Joao Garcia added a comment - 18/Nov/2020 5:38 PM

Expand comment: Joao Garcia added a comment - 18/Nov/2020 5:38 PM

Collapse comment: nicolas.gavard added a comment - 16/Oct/2020 1:52 PM

Expand comment: nicolas.gavard added a comment - 16/Oct/2020 1:52 PM

Collapse comment: fadi.matni added a comment - 24/Sep/2020 4:42 PM

Expand comment: fadi.matni added a comment - 24/Sep/2020 4:42 PM

Collapse comment: Benjamin Warren added a comment - 03/Feb/2020 10:39 PM

Expand comment: Benjamin Warren added a comment - 03/Feb/2020 10:39 PM

Collapse comment: joe_shomphe added a comment - 21/Dec/2019 5:18 PM

Expand comment: joe_shomphe added a comment - 21/Dec/2019 5:18 PM

People

Dates