Hello,
We’re currently configuring Atlassian Guard to provision users and groups from Microsoft Entra ID to Atlassian Cloud.
Because we rely on nested groups, we chose to set up the integration using the Azure Integration method.
After running the synchronization, here’s what we’re observing:
- Internal users (company.com & other sub-domain) → Successfully synced
- External users (B2B Guests) → Successfully synced
- External users (Cross-tenant synced users marked as "Member") → Not synced. These users are not provisioned. They are also not added to the expected synced groups
It seems that cross-tenant users (present in our Entra ID but originating from another tenant) are not being synchronized. Note that their user type is set to "Member".
I contacted Atlassian Support, and they suggested the following:
"The affected users are currently set as "Member" in Entra ID. Since their domain is not verified in your Atlassian organization, this may create a logic conflict.
Changing their role to "Guest" explicitly identifies them as external collaborators, which can bypass domain verification constraints."
- Has anyone else encountered this issue when trying to provision cross-tenant users via Atlassian Guard?
- Were you able to successfully sync them while keeping their Member status?
- Is converting them to Guest the only viable workaround, or are there alternative solutions?
Any insights, best practices, or confirmation would be greatly appreciated!
Thanks in advance
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.