Uploaded image for project: 'Atlassian Access'
  1. Atlassian Access
  2. ACCESS-718

As an admin, I want the SCIM user provisioning to sync groups and memberships from the IdM/IdP even if they exist in my Cloud site

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      Problem Definition

      There's a current limitation in SCIM user provisioning:

      Unsupported features

      User provisioning doesn't support the following features related to groups:

      • ...
      • Pushing a group from your identity provider that has the same name as a group in your organization. Otherwise, you'll get an error when you try to sync.

      This makes the SCIM user provisioning very painful for customers with existing Cloud sites with many users/groups, especially with ACCESS-608 missing. 

      With the absence of this feature, admins have to delete all groups from Cloud and let the sync create them again. Furthermore, we can't guarantee permissions will pick up the new groups.

      Suggested Solution

      Groups should still be synchrnoized even if the exist in Cloud. If a group exists in Cloud, it should just be linked to the group IdM/IdP and reflect any future changes.

      Workaround

      None

      Attachments

        Issue Links

          duplicates

          Suggestion - ACCESS-608 SCIM user provisioning: Allow the Organization's directory to pull groups from the integrated Cloud sites

          • Closed

          Activity

            People

              Unassigned Unassigned
              adridi Arbi Dridi
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: