Atlassian Guard / ACCESS-953

Identify managed accounts by their sync status in API and UI


      When integrating an IDP with Atlassian Access, some accounts might remain un-synced because the IDP is not actively pushing them to Atlassian. However, those accounts are still billable for Atlassian Access. At the moment, it is not possible to filter out accounts based on their sync status.

      The filter will allow administrators to act on accounts that get created via other channels besides provisioning. This is even more relevant for organizations with a larger user base.

      Suggestion:

      To include Provisioned vs Non Provisioned detail (yes/no) in the API response


            Aneita added a comment -

            Hi everyone,

            Thanks for your interest in this suggestion.

            If you have 5 mins available, I would love it if you could complete this survey which will help us get a better understanding of what filters would be most valuable to you. It'll also help us understand if there are any other pain points with org administration that we should address.

            Your feedback will go a long way in helping us build the right thing for you. 

            Thanks in advance for your time! 

            Cheers,

            Aneita

             


            Huw Evans added a comment -

            This is really painful for large organisations. Using the org and user provisioning APIs to get all the managed and synched users is a real PITA and then the only way we can identify managed but unsynched users is to do a comparison against the two lists of users to identify the applicable users.

            Our org has a banking licence and having these active managed users that are not provisioned via our IDP is a security risk we have to address.

            Having the ability to view the synched users in the directory view, but having no data in the user exports to do the same is really annoying. Though over the years working with Atlassian, I shouldn't really be surprised at the half-baked admin functions.

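The list comparison Huw Evans describes above, as an added example (not part of the original issue and not Atlassian's code): it flags active managed accounts that have no active IdP-provisioned record. The record shapes and field names (`account_id`, `email`, `emails`, `status`, `active`) are assumptions standing in for whatever your org and user provisioning exports return, and the sample data is constructed.

```python
# Field names are assumptions for this sketch, not a documented API schema.

def _norm(email):
    """Compare emails case-insensitively, ignoring surrounding whitespace."""
    return (email or "").strip().lower()


def unsynced_managed_accounts(managed, provisioned):
    """Return active managed accounts with no active IdP-provisioned match.

    An account matches when its account id or its email appears on an
    active provisioned record. Deactivated managed accounts are skipped.
    """
    synced_ids, synced_emails = set(), set()
    for user in provisioned:
        if not user.get("active", False):
            continue  # a deprovisioned record no longer vouches for an account
        if user.get("account_id"):
            synced_ids.add(user["account_id"])
        synced_emails.update(_norm(e) for e in user.get("emails", []) if _norm(e))

    findings = []
    for acct in managed:
        if acct.get("status") != "active":
            continue
        if acct.get("account_id") in synced_ids or _norm(acct.get("email")) in synced_emails:
            continue
        findings.append(acct)
    return sorted(findings, key=lambda a: _norm(a.get("email")))


# Constructed sample data (not real accounts).
MANAGED = [
    {"account_id": "a1", "email": "Alice@example.com", "status": "active"},
    {"account_id": "a2", "email": "bob@example.com", "status": "active"},
    {"account_id": "a3", "email": "carol@example.com", "status": "inactive"},
    {"account_id": "a4", "email": "dave@example.com", "status": "active"},
    {"account_id": "a5", "email": "erin@example.com", "status": "active"},
]
PROVISIONED = [
    {"account_id": "a1", "emails": ["alice@example.com"], "active": True},
    {"account_id": None, "emails": ["BOB@example.com"], "active": True},
    {"account_id": "a4", "emails": ["dave@example.com"], "active": False},
]

if __name__ == "__main__":
    for acct in unsynced_managed_accounts(MANAGED, PROVISIONED):
        print(acct["account_id"], acct["email"])
```

Matching on both account id and email keeps a provisioned record that lacks an id from producing a false finding, while an inactive provisioned record is treated as no match.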

            Carsten Schäfer added a comment -

            Yes, this would allow for better cleanup. User accounts are disabled, OK, but externals mixed among the synched accounts make it hard to capture externals that have been inactive for a while.

            What comes to my mind as well:

            • sorting by activity
            • get last activity date by API
            • flag "is synced by Idp" in API (this ticket's scope)
              • same for GROUPS!
                • Why can't SYNC attributes present in UI not be exposed in the UI?

            Nothing will change but I will search for group API enhancement requests

            Jean Desulme added a comment -

            This is important to enterprises so we can effectively determine what accounts aren't synced at scale. The current process of clicking on an account to determine if it is synced or not is quite painful.

              Assignee: Unassigned
              Reporter: Claudiu Lionte (Inactive)
              Votes: 58
              Watchers: 56