Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
26
-
Description
When using Just-in-Time provisioning as described in our documentation here:
https://confluence.atlassian.com/cloud/saml-single-sign-on-943953302.html#SAMLsinglesign-on-Just-in-timeprovisioningwithSAML
The provisioning does not have the ability to control group enrollment based on input from the IdP (such as attributes). This means that a SCIM module must be developed in order to use custom SAML solutions e.g. Shibboleth or on premises ADFS.
Because of the complexity that this can introduce, I would like to offer the suggestion that adding the ability to control group enrollment by SAML attributes be considered.