Details
-
Suggestion
-
Resolution: Done
-
None
-
200
-
Description
Hi Atlassian Community!
I’m Matthew Ho, a Product Manager on the Enterprise Trust team. I’m excited to announce the general availability of Microsoft Azure Active Directory (AD) for nested groups. This custom integration supports flattening nested groups between Azure AD and Atlassian Cloud.
Over the past few years, we’ve received requests to add support for nested groups in Atlassian Cloud. Even though we don't support nested groups, we do keep your group memberships when you sync nested groups. This helps you manage permissions and mirror your internal organizational structure. We recognize that some of our customers have faced challenges in moving from Server to Atlassian Cloud because of nested groups requirements. We created this integration to support our customers on their cloud migration journey. We recently completed our feature early access program (EAP) and now have many customers that are already using Azure AD for nested groups.
Using this new integration, you can now retain your nested structure in your Azure AD directory and use a flattened structure in Atlassian Cloud!
Looking to learn more about nested groups? We’ve published an article explaining nested groups. To learn more about Azure AD for nested groups, please read our documentation and how to set it up. If you already provision users from Azure AD using SCIM, and would like to switch to using Azure AD for nested groups, read the instructions here.
Problem Definition
Atlassian Access currently does not support nested group but there are identity service providers that supports and can user provision them. It would be good to support handling of user provisioned nested groups by flattening.
If Nested Groups are being pushed in, the following message will be seen in the User Provisioning Troubleshooting Logs:
Resource [GROUP] <Child Group ID> groupId cannot be added under other groupId <Parent Group ID>
Example of a Nested Group in Azure AD:
ref. Add or remove a group from another group - Azure Active Directory - Microsoft Docs
Suggested Solution / Workaround
At the moment, when a nested group is provisioned, the Child Groups and Members of the nested groups are not provisioned on Atlassian side. Flattening needs to be done on within the Identity Provider:
| Identity provider | How it works | Details and related links | |
|---|---|---|---|
| Okta |
|
||
| PingFederate |
|
||
| OneLogin |
|
||
| Microsoft Azure Active Directory (Azure AD) |
|
Available as Early Access Program (EAP) | |
| G Suite |
|
Attachments
Issue Links
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-