Dear Atlassian team,

we are using Atlassian tools (Jira, Confluence, Bitbucket) in a setting where we process hundreds of projects a year. We can only cope with this amount of projects with stringent automation.

Our IT service desk system (Ivanti service desk) triggers the creation scripts via calls routed through an ESB (Enterprise Service Bus). The project setup and creation is done via BobSwift CLI API calls. The deployment process for new projects involves creating corresponding groups in our central Active Directory, which are then to be authorized in Jira. Currently our process engine needs to wait for an Active Directory synchronization before we can assign permissions to Active Directory groups. If the process does not wait long enough Jira creates new groups in the local Jira group repository which contradicts our intention of centralized group and user management. Our current synchronization interval is set to 15 minutes. Neither the Bob Swift API nor native Jira/Confluence/Bitbucket APIs provide a way to accelerate the Active Directory synchronization and we know of no way to skip the internal group creation.

We would like to either have an API endpoint in all Atlassian applications to trigger incremental group synchronizations or preferably to make it possible that Active directory is actively requested when another API call tries to use a group that is not yet known to the Atlassian application. This would dramatically shorten provisioning time for our end users from more than 20 minutes to a few seconds. The proposal/workaround in https://jira.atlassian.com/browse/JRASERVER-68724 would provide a partial implementation using a full synchronization that is too brittle in our opinion.

We are open to discuss this issue with product teams inside of Atlassian.

Best regards,

Frank on behalf of the T-Systems MMS Application management team