Hi everyone,
We have shipped an integration with OKTA to enable Atlassian Access customers to connect to LDAP servers at no additional cost.
Regards,
The Atlassian Access team
Hi everyone,
As Dave mentioned in the last update, we’ve implemented User provisioning with SCIM and you can use this mechanism to automate user and group provisioning.
As a quick summary:
- We currently support Okta, OneLogin, and Azure AD.
- For other identity providers, you can use the User provisioning (SCIM) API (documentation at developer.atlassian.com) to sync users and groups over to Atlassian products.
With regards to single sign-on, we support SAML SSO and you can find the instructions to the supported Identity Providers on the linked documentation page.
Regards,
The Atlassian Access team
Hi everyone,
We're pleased to announce that documentation for the User provisioning (SCIM) API is now available on developer.atlassian.com. The API is an implementation of the SCIM specification and is intended to be used to sync users and groups from an identity provider to an Atlassian organization. Once you have linked an Atlassian Cloud site (like example.atlassian.net) to your organization, users and groups will be synced to your site and you can use them to control access to Jira and Confluence Cloud as well as permissions within those products. Learn more about how automatic user provisioning works with Atlassian Cloud.
There are several key benefits to automating user provisioning for Atlassian Cloud:
- It saves you time as an administrator by automating the process of creating and removing Atlassian accounts for your users
- It improves security by reducing errors in the provisioning/deprovisioning process
- It can help reduce costs by ensuring you are not billed for users who are no longer active
The SCIM API is intended for customers who are not already using one of our supported identity providers. We currently support Okta and are actively working on support for Azure Active Directory and Onelogin. If you are using one of these identity providers, we recommend using the supported Atlassian app for these identity providers as this will simplify the configuration process.
We're actively working in this area and will share another update when support for additional identity providers is available.
Regards,
Dave Meyer
Atlassian Access Product Management
- is duplicated by
-
ID-6218 Would like to incorporate an Active Directory Login
- Closed
-
- Closed
- is related to
-
- Closed
- relates to
-
- Closed
-
CSP-147262 You do not have permission to view this issue
- was cloned as
-
- Closed
- links to
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
[ID-79] Support LDAP integration with Cloud
Narmada, Your link doesn't work, although I have found that https://www.okta.com/partners/atlassian/. It took me some time to gain knowledge of how to connect AD on-premise with Jira Cloud but thank to this ticket -> Okta choice I think I will be able to do so (reduced cost in comparison to Azure AD).
Hi everyone,
We have shipped an integration with OKTA to enable Atlassian Access customers to connect to LDAP servers at no additional cost.
Regards,
The Atlassian Access team
Need to spend an additional 22K to get this annually for a site of 1400 users!. No thank you. https://confluence.atlassian.com/cloud/pricing-and-billing-for-atlassian-access-948237309.html
This sounds promising but I'm still confused and need to understand how to handle user management and SSO with other systems (e.g. a BI tool embedded in a confluence app) when you don't own a domain and users are not from the same organization.
also posted to the community as well as we're at a total loss here https://community.atlassian.com/t5/Confluence-questions/Atlassian-Cloud-user-management-and-SSO-for-external-not-in-our/qaq-p/1031628
Do we need to subscribe to "Atlassian Access" for each user for $3.00/month to "help reduce costs by ensuring you are not billed for users who are no longer active" i.e. save $7.00 when someone leaves the company (doesn't happen very often)?
In that case, I don't think that I will do much savings...
Hi everyone,
We're pleased to announce that documentation for the User provisioning (SCIM) API is now available on developer.atlassian.com. The API is an implementation of the SCIM specification and is intended to be used to sync users and groups from an identity provider to an Atlassian organization. Once you have linked an Atlassian Cloud site (like example.atlassian.net) to your organization, users and groups will be synced to your site and you can use them to control access to Jira and Confluence Cloud as well as permissions within those products. Learn more about how automatic user provisioning works with Atlassian Cloud.
There are several key benefits to automating user provisioning for Atlassian Cloud:
- It saves you time as an administrator by automating the process of creating and removing Atlassian accounts for your users
- It improves security by reducing errors in the provisioning/deprovisioning process
- It can help reduce costs by ensuring you are not billed for users who are no longer active
The SCIM API is intended for customers who are not already using one of our supported identity providers. We currently support Okta and are actively working on support for Azure Active Directory and Onelogin. If you are using one of these identity providers, we recommend using the supported Atlassian app for these identity providers as this will simplify the configuration process.
We're actively working in this area and will share another update when support for additional identity providers is available.
Regards,
Dave Meyer
Atlassian Access Product Management
This ticket is in progress and so I can't comment on your question.
You may want to review the ticket https://jira.atlassian.com/browse/ID-6305 . It's not exactly the direct LDAP integration with AD that you are looking for, but it's in the same domain. Essentially using Atlassian SCIM APIs and a supported IdP (or custom script) you can manage your Atlassian domain-claimed users and groups via Active Directory.
@vsankin,
Hey, I see that ID-6563 is linked here but closed as a duplicate. Is this ticket's functionality going to include mapping of AD groups to AA groups? We have an interest in that mapping functionality on this end.
Nathan Clark
added a comment - @Gabriel Viger - My guess is the status is BDOT - Busy Doing Other Things 
Nathan Clark
added a comment - @Gabriel Viger - My guess is the status is BDOT - Busy Doing Other Things
damon.gaylor have you seen: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/atlassian-cloud-tutorial
Also: https://confluence.atlassian.com/cloud/saml-single-sign-on-943953302.html
o can we or not use LDAP or do we have to pay extra costs to having to use Atlassian Access which is incredible to have to pay additional costs for this - when we only want to have a password policy or 2fa
Hi there, please give us a status update on when to expect the functionality. Much appreciated.
tamas.csabina - We have made good progress and we are currently running internal tests on SCIM API's (https://jira.atlassian.com/browse/ID-6305) . This will be progressively integrated with major IDP's to support auto provisioning and de-provisioning. We will update the issue as soon as we have it in production.
thanks,
Adarsh,
Product Management, Atlassian
Any official Atlassian update on this item would be really useful!
I see the 'status' from last year December. But seeing no recent Atlassian response, I might feel that this is something that will remain 'in progress' forever. I hope I am wrong.
Johan Jansson
added a comment - Atlassian just launched https://www.atlassian.com/enterprise/cloud/access
Seems just agents should be paid for, this is written in the FAQ:
With Jira Service Desk, do I pay for just my agents?
You'll only pay for the agents within your organization. Employees who only request help on the Jira Service Desk portal and are not licensed on any Atlassian Cloud product will not be billed for.
Johan Jansson
added a comment - Atlassian just launched https://www.atlassian.com/enterprise/cloud/access
Seems just agents should be paid for, this is written in the FAQ:
With Jira Service Desk, do I pay for just my agents?
You'll only pay for the agents within your organization. Employees who only request help on the Jira Service Desk portal and are not licensed on any Atlassian Cloud product will not be billed for. Can I beta this? We just purchased Cloud license and want to move about 30-40 projects from Server over to Cloud....
It stops us from moving more projects away from Server and would help us transition and you make $3 a month off of our 1300 users!
Come on Atlassian the pricing for Identity Manager is crazy. I'm keen to move away from Server onto the Cloud solution but this is a potential show stopper. I can license an unlimited number of users on Crowd for a fraction of the price of IM.
Johan Jansson, this is possible but very expensive.
You have to pay an extra license for everybody signing up... Look at https://community.atlassian.com/t5/Identity-Manager-questions/SAML-for-Service-Desk-customers/qaq-p/727915 for details.
Johan Jansson
added a comment - Is Identity Manager a beta on this feature? If so would if be possible to use SSO for Jira Service desk Customers in the cloud version?
Johan Jansson
added a comment - Is Identity Manager a beta on this feature? If so would if be possible to use SSO for Jira Service desk Customers in the cloud version? Not having single sign-on capabilities for Service Desk portal-only customers is a show-stopper for our migration to Jira Cloud. This functionality is required for us to proceed. (We use Centrify for all of our SSO access for many other applications.)
Please hurry on making these connections available - we've already had to wait over a year to move to cloud due to this functionality gap!
I completely agree with @Daniel Inderbinen. We are currently a Service Now customer. We are trialing Jira Service Desk. Big fan so far and would love to move off of Service Now, but not being able to have users sign in with their network username and password, would be a show stopper for me.
Daniel Inderbinen
added a comment - i agree with all, for me this is a show stopper .. i simply can't roll out a solution without a single user db ..
Daniel Inderbinen
added a comment - i agree with all, for me this is a show stopper .. i simply can't roll out a solution without a single user db ..
I think the priority needs to be raised from Medium to high if I'm honest.
Daniel Inderbinen
added a comment - Hey... any news .. Single source of true is needed for a running company 
Daniel Inderbinen
added a comment - Hey... any news .. Single source of true is needed for a running company Any Ldap-based thing should work...
Azure AD is already on the way with identity manager, but if there are other directories...just take LDAP.
Anders Høfft
added a comment - I would like to cast a vote for JumpCloud integration. Thats awesome, was not aware
However, of course, there is a caveat of having to pay for another product. Nickle and dime...
Another vote here. What is so hard about SAML and ADFS? https://msdn.microsoft.com/en-us/library/bb897402.aspx
Narmada, is there another ticket somewhere to have Atlassian provide an LDAP solution built into the core product? This seems like a miss on the part of Atlassian to only have this feature as a HUGE additional expense to purchase licenses for Atlassian Access. Many other similar tools have LDAP / Azure AD integration as part of their core packages. Please advise if this is on list for future builds. Thank you.