👥 User & Group Mapping - Right Access, Every Time (SAML SSO)

Hello folks,

In our previous article, we explored how miniOrange SAML SSO + User & Group Sync (SCIM) helps in Just-in-Time Provisioning - how users get automatically created the moment they first log in via SSO. Today, let’s zoom in on another key feature that ensures your Atlassian environment stays organized, secure, and in sync: User & Group Mapping.

Because creating a user is just the first step. Ensuring they get the right permissions, roles, and group memberships immediately is what keeps your teams productive and your data safe.

🔐 What Is User & Group Mapping?

Think of it as a smart bridge between your Identity Provider (IdP) and Atlassian.

When a user is provisioned either via JIT or SCIM - User & Group Mapping ensures:

• Core user attributes like username, email, display name, and department are accurately imported.

• Users are automatically added to the correct groups in Jira, Confluence, or Bitbucket.

• Group membership drives the permissions and access levels they should have.

In short: the right user gets the right access, every time, without manual intervention.

⚡ Why Teams Love It

• Automated Accuracy – No more mismatched permissions or forgotten group assignments.

• Centralized Control – Changes in your IdP (like department or role) can reflect in Atlassian automatically when paired with SCIM.

• Time-Saving – Admins don’t need to manually manage users or groups.

• Consistent Security – Ensures users only have access to what they’re supposed to, reducing security risks.

• Scalable for Large Teams – Perfect for distributed teams, contractors, or multi-department setups.

🛠 How It Works

1. User Provisioning:
   

   • A user is created via JIT or SCIM.
     
     

2. Attribute Mapping:
   

   • Core attributes from the IdP (like username, email, display name) are synced to the Atlassian account.
     
     

3. Group Mapping:
   

   • The user is assigned to the correct Atlassian groups based on the mappings configured in your plugin.

   • Permissions follow automatically from the group assignments.
     
     

4. Ongoing Updates (Optional with SCIM):
   

   • If a user changes departments or roles in the IdP, group memberships and access levels are updated automatically.
     
     

💡 Key Benefits

• No More Manual Work: Automate what used to take hours of admin effort.

• Right Access, Every Time: Users are instantly in the right groups with correct permissions.

• Compliance-Ready: Maintain clear and consistent access control across all teams.

• Works with Any IdP: Okta, Azure AD, miniOrange, Google Workspace, ADFS, OneLogin, and more.

User & Group Mapping completes the picture started by JIT Provisioning - not just creating users, but ensuring they can do the right things, in the right places, from day one.

Because access management shouldn’t slow your team down, it should make it seamless.

💡 Up Next in the SAML + SCIM Series: Advanced Attribute Mapping giving you even more control over user profiles.

If you have any questions or want to see the plugin in action, reach out to us at atlassiansupport@xecurify.com