Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-648

Add the ability to provision unmanaged users through the user-provisioning feature

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Release Update

      Hi Everyone,

      I'm pleased to announce that we have shipped this feature request. If you configured your SCIM connection after November 15, 2020, your SCIM connection supports syncing unmanaged users. All user in your identity provider group will sync to Atlassian

      If your SCIM connection was configured before November 15, 2020 you will need to opt-in to this feature. You can find more information about opting in on this blog post https://confluence.atlassian.com/cloud/blog/2021/01/easily-provision-users-from-outside-your-verified-domain-to-atlassian-products

      Thanks,
      Narmada Jayasankar
      Product Manager, Atlassian Access

      Problem Definition

      Users may often want to use the user-provisioning feature to provision not only their managed users but also third-party users which they don't own the domain but are part of their IdPs userbase.
      Not being able to provision those users forces these customers into manually inviting them which can be painful depending on the size of their userbase.

      Suggested Solution

      Add the ability to provision unmanaged users into the user-provisioning feature.

      Our ask to customers who would like to use this – please share with us the following input so that we understand the use cases more accurately:

      1. Roughly, the number of users you plan to provision and manage from your IdP:

      1. of managed users
      2. of external users

      2. Which IdP you (plan to) use:

            [ACCESS-648] Add the ability to provision unmanaged users through the user-provisioning feature

            Roopa Dass added a comment -

            Hi Team- What are the advantages between syncing unmanaged users through SCIM and manually inviting them from within Jira ?

            Roopa Dass added a comment - Hi Team- What are the advantages between syncing unmanaged users through SCIM and manually inviting them from within Jira ?

            Hi Everyone,

            I'm pleased to announce that we have shipped this feature request. If you configured your SCIM connection after November 15, 2020, your SCIM connection supports syncing unmanaged users. All user in your identity provider group will sync to Atlassian

            If your SCIM connection was configured before November 15, 2020 you will need to opt-in to this feature. You can find more information about opting in on this blog post https://confluence.atlassian.com/cloud/blog/2021/01/easily-provision-users-from-outside-your-verified-domain-to-atlassian-products

            Thanks,
            Narmada Jayasankar
            Product Manager, Atlassian Access

            Narmada Jayasankar added a comment - Hi Everyone, I'm pleased to announce that we have shipped this feature request. If you configured your SCIM connection after November 15, 2020, your SCIM connection supports syncing unmanaged users. All user in your identity provider group will sync to Atlassian If your SCIM connection was configured before November 15, 2020 you will need to opt-in to this feature. You can find more information about opting in on this blog post https://confluence.atlassian.com/cloud/blog/2021/01/easily-provision-users-from-outside-your-verified-domain-to-atlassian-products Thanks, Narmada Jayasankar Product Manager, Atlassian Access

            Hi All,

            Any update/progress here?

             

            Regards,

            Anuradha

            Anuradha Yadav added a comment - Hi All, Any update/progress here?   Regards, Anuradha

            Good to see this is coming - specific scenario details for us:

            • Approx 200 regular users (from verified domain, SSO to Azure AD)
            • Approx 50 external users (using Guest accounts in Azure AD)

            Interestingly, from the logs, the Azure AD auto-provisioning appears to work for these Guest users, but they do not appear in our products.

            Peter Bance added a comment - Good to see this is coming - specific scenario details for us: Approx 200 regular users (from verified domain, SSO to Azure AD) Approx 50 external users (using Guest accounts in Azure AD) Interestingly, from the logs, the Azure AD auto-provisioning appears to work for these Guest users, but they do not appear in our products.

            Glad to see this is finally in progress. However please also support OneLogin.

            leigh.webster added a comment - Glad to see this is finally in progress. However please also support OneLogin.

            Hi, is there any workaround that doesn't involve creating users manually in Atlassian for un-managed accounts?

            Joao Garcia added a comment - Hi, is there any workaround that doesn't involve creating users manually in Atlassian for un-managed accounts?

            Hi all, same problems for us.

            All external users are managed manually despite the use of access+azureAD.

             

            The external user should be able to provide the domain (and so the IDP) that will authenticate him.

            nicolas.gavard added a comment - Hi all, same problems for us. All external users are managed manually despite the use of access+azureAD.   The external user should be able to provide the domain (and so the IDP) that will authenticate him.

            fadi.matni added a comment -

            Hi , we have the same issue we are using Azure AD (B2B)  

            Internal 400 Users 

            Guest more then 100 users we use Azure AD as IDP , we are adding manually the guest users for internal user id with the verified domain also it will nice if there is a way to add to your code for those guest users expiration date in their account thanks

            fadi.matni added a comment - Hi , we have the same issue we are using Azure AD (B2B)   Internal 400 Users  Guest more then 100 users we use Azure AD as IDP , we are adding manually the guest users for internal user id with the verified domain also it will nice if there is a way to add to your code for those guest users expiration date in their account thanks

            same issue for us.

            200 internal users 50 external.

            we use OKTA as our IDP for both, with onboarding via SCIM for internals.

            at present we have to manually add users from external domains, and no neat way of presenting an external user a login interface (for our cloud instance of say Confluence or Jira) other than issueing an internal email address.

            Benjamin Warren added a comment - same issue for us. 200 internal users 50 external. we use OKTA as our IDP for both, with onboarding via SCIM for internals. at present we have to manually add users from external domains, and no neat way of presenting an external user a login interface (for our cloud instance of say Confluence or Jira) other than issueing an internal email address.

            This is super important for us as well. Our user recertification is done for us in azure active directory. This includes both internal users and external b2c guests. The way access is currently designed completely breaks this functionality. We want to be able to manage all users and application access in a single place. This belongs in the identity provider.

            joe_shomphe added a comment - This is super important for us as well. Our user recertification is done for us in azure active directory. This includes both internal users and external b2c guests. The way access is currently designed completely breaks this functionality. We want to be able to manage all users and application access in a single place. This belongs in the identity provider.

              njayasankar@atlassian.com Narmada Jayasankar
              akasper André K. (Inactive)
              Votes:
              26 Vote for this issue
              Watchers:
              49 Start watching this issue

                Created:
                Updated:
                Resolved: