Uploaded image for project: 'Atlassian Cloud'
  1. Atlassian Cloud
  2. CLOUD-10147

Please provide auto provision and synch of users feature in SAML SSO

    • Icon: Suggestion Suggestion
    • Resolution: Tracked Elsewhere
    • None
    • None
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Customers are currently unable to create or delete users directly from SAML and have the same reflected in Atlassian Cloud. 

      Here is an example scenario : 

      1. Customer a JIRA administrator and a SAML administrator for his organization has created a user say at SAML and assigned him the JIRA application access
      2. Customer expects that user automatically gets synched up to Atlassian Cloud and gets created in Atlassian Cloud with JIRA access
      3. But the actual scenario is customer has to create the user and provide access at both SAML and the JIRA Atlassian Cloud separately

      Similarly for delete user, if user access is removed from JIRA Application at SAML , he accepts user to also loose access to JIRA application in the instance.

            [CLOUD-10147] Please provide auto provision and synch of users feature in SAML SSO

            This issue is now closed , set it to superseded by https://jira.atlassian.com/browse/ID-6305 which is now at resolved state

            Suba V (Inactive) added a comment - This issue is now closed , set it to superseded by https://jira.atlassian.com/browse/ID-6305 which is now at resolved state

            Dario B added a comment -

            User provisioning has already been released for Cloud:

            Dario B added a comment - User provisioning has already been released for Cloud: User Provisioning

            Zak Toma added a comment -

            Hi, description is pretty accurate here. Essentially we need some sort of user provisioning feature within the SAML (SSO) configuration.

            We use OneLogin as our IdP which stores our user directory. Users within OneLogin who are granted access to the Atlassian application should automatically be provisioned into JIRA/Confluence. However currently, after granting them access to the application, we then have to go into JIRA/Confluence and create them an account. Likewise, this applies for when suspending/deactivating or deleting. Right now, your SAML configured clients are doubling work for nothing.

            To my understanding, this should be achievable over an API as other applications such as Zendesk, Slack, G Suite achieve the feature this way.

            Zak Toma added a comment - Hi, description is pretty accurate here. Essentially we need some sort of user provisioning feature within the SAML (SSO) configuration. We use OneLogin as our IdP which stores our user directory. Users within OneLogin who are granted access to the Atlassian application should automatically be provisioned into JIRA/Confluence. However currently, after granting them access to the application, we then have to go into JIRA/Confluence and create them an account. Likewise, this applies for when suspending/deactivating or deleting. Right now, your SAML configured clients are doubling work for nothing. To my understanding, this should be achievable over an API as other applications such as Zendesk, Slack, G Suite achieve the feature this way.

              Unassigned Unassigned
              sveeriah Suba V (Inactive)
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: