[ID-6305] Provide SCIM API's for managing Atlassian account users

Type: Suggestion
Resolution: Done
Component/s: None
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Atlassian status as of 7 March 2019

Hi everyone,

The Atlassian Cloud app in Azure AD now supports automated user and group provisioning. If you have Azure AD as your identity provider, you can configure the app to automate the provisioning and deprovisioning process. To get it setup, have a read about how automatic user provisioning works with Atlassian Cloud and then follow the instructions on Azure AD.

As a quick summary:

We currently support Okta, OneLogin, and Azure AD.
For other identity providers, you can use the User provisioning (SCIM) API (documentation at developer.atlassian.com) to sync users and groups over to Atlassian products.

Regards,
The Atlassian Access team

Original request:

User management REST API in JIRA Cloud do not support user profile updates, this breaks consumer who relay on these API's to update user profiles.

Fix: Expose public API's (SCIM standard) for user management which allows consumers to provision, update, delete users directly with Atlasssian account

depended on by

ACCESS-33 Enable user auto-provisioning and sync when SAML enabled

Closed

incorporates

AX-1166 JIRA API disabling users

Gathering Interest

JRACLOUD-30708 Bulk deactivate users

Under Consideration

is related to

ID-164 JIRA User Management REST API

Closed

ID-6517 Bulk Edit Atlassian Accounts in a Cloud Instance

Closed

ACCESS-632 Ability to provision external users from non-verified domains to Atlassian cloud products

Closed

relates to

JSDCLOUD-1015 Active Directory integration for customers

Closed

ID-6563 Allow mapping Active Directory Groups to Atlassian Cloud Groups

Closed

ID-6564 Deactivate users from Okta/Azure/etc.

Closed

supersedes

CLOUD-10147 Please provide auto provision and synch of users feature in SAML SSO

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(1 is related to, 3 relates to, 1 supersedes, 12 mentioned in)

Helena made changes - 10/Jul/2021 12:44 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 564568 ]

Helena made changes - 10/Jul/2021 12:44 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 564567 ]

Helena made changes - 10/Jul/2021 12:44 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 564627 ]

Katherine Yabut made changes - 19/Sep/2019 5:55 AM

Workflow	Original: JAC Suggestion Workflow [ 3258730 ]	New: JAC Suggestion Workflow 3 [ 3644855 ]
Status	Original: RESOLVED [ 5 ]	New: Closed [ 6 ]

Suba V (Inactive) made changes - 18/Sep/2019 9:13 AM

Link

New: This issue supersedes ~~CLOUD-10147~~ [ ~~CLOUD-10147~~ ]

Stephen Mahood added a comment - 25/Jul/2019 6:50 AM

Yes, we did get it sorted. Our Atlassian Cloud app registration within AzureAD was created a long time ago so it didn't have the correct appRoles for the provisioning to work. Our app only had the msiam_access role available, and not the "User" role. The User role is what is filtered on for the provisioning to work. We ended up patching our application registration using the graph api to include an additional appRole called User which then allowed the provisioning to start working once the User role was assigned to the users.

Stephen Mahood added a comment - 25/Jul/2019 6:50 AM Yes, we did get it sorted. Our Atlassian Cloud app registration within AzureAD was created a long time ago so it didn't have the correct appRoles for the provisioning to work. Our app only had the msiam_access role available, and not the "User" role. The User role is what is filtered on for the provisioning to work. We ended up patching our application registration using the graph api to include an additional appRole called User which then allowed the provisioning to start working once the User role was assigned to the users.

Sean Bryceland added a comment - 25/Jul/2019 4:10 AM - edited

@s.mahood did you get a response from Jira or Microsoft on the NotEffectivelyEntitled error. We have the same issue

Sean Bryceland added a comment - 25/Jul/2019 4:10 AM - edited @s.mahood did you get a response from Jira or Microsoft on the NotEffectivelyEntitled error. We have the same issue

Michael Andreacchio made changes - 27/Jun/2019 1:40 AM

Workflow

Original: ACCESS Suggestion workflow [ 3157070 ]

New: JAC Suggestion Workflow [ 3258730 ]

Yevgen Lasman added a comment - 01/May/2019 2:31 PM

akilunov there is SCIM add-on available on Marketplace for Jira Server. Not sure it is Data Center compatible though but certainly works for Server.

Yevgen Lasman added a comment - 01/May/2019 2:31 PM akilunov there is SCIM add-on available on Marketplace for Jira Server. Not sure it is Data Center compatible though but certainly works for Server.

Katherine Yabut made changes - 16/Apr/2019 6:54 AM

Workflow

Original: reviewflow [ 2011280 ]

New: ACCESS Suggestion workflow [ 3157070 ]

Assignee:: vlad (Inactive)

Reporter:: Adarsh

Votes:: 167 Vote for this issue

Watchers:: 160 Start watching this issue

Created:: 20/Apr/2017 12:58 AM

Updated:: 10/Jul/2021 12:44 AM

Resolved:: 29/Mar/2019 3:14 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Stephen Mahood added a comment - 25/Jul/2019 6:50 AM

Expand comment: Stephen Mahood added a comment - 25/Jul/2019 6:50 AM

Collapse comment: Sean Bryceland added a comment - 25/Jul/2019 4:10 AM, Edited by Sean Bryceland - 25/Jul/2019 4:12 AM

Expand comment: Sean Bryceland added a comment - 25/Jul/2019 4:10 AM, Edited by Sean Bryceland - 25/Jul/2019 4:12 AM

Collapse comment: Yevgen Lasman added a comment - 01/May/2019 2:31 PM

Expand comment: Yevgen Lasman added a comment - 01/May/2019 2:31 PM

People

Dates