I've set up SSO with Okta for my portal-only JSM customers using this guide, and that is working.
My next goal is to provision Customers from Okta, but when I follow these steps, I get stuck on step 6 "Select Set up provisioning and follow the on-screen instructions" because there is no such option, either on the Identity Providers page (where it appears under the three dots for regular user setup in Admin), or in the specific directory I created for the Customers.
Has anyone else set up SCIM provisioning for JSM Customers? Did you need to do the SSO and provisioning at the same time (i.e., it's only available during directory creation, and you can't go back and edit)?
You might need to look how Okta handles this, if this is Okta related.
https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard.htm
What makes you think it is Okta-related? Are you suggesting that something in Okta is preventing Jira from displaying the option to provision? I'm not following...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You mentioned you use OKTA as SSO, I want to use this for your the customer portal as well.
The documentation you used is based on SCIM, but OTA might have precise requirements, this is also mentioned by a link to OKTA documentation in this process.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
That option only shows for an Organization admin with Atlassian Guard, and your role is almost certainly the block. Provisioning for portal-only customers is set up at admin.atlassian.com, and Atlassian documents the required role as Organization admin, so a Product admin won't see "Set up provisioning" at all. SSO already working doesn't rule this out, since that can be configured by someone else or was already in place.
The other requirement is Atlassian Guard Standard. Customer SSO and SCIM provisioning both depend on it, and the provisioning option appears once Guard Standard is subscribed. Confirm it's active on the org, not just that SSO happens to work.
On the timing you asked about: provisioning doesn't have to be enabled when the directory is first created. It's added to the identity provider connection you already have. Open the linked IdP under Security > Identity providers, and "Set up provisioning" is there once you're an Org admin with Guard.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Gabriela, and thank you for your response.
I am an Org admin, and I'm the one who set up SSO for the JSM Customers and JSM Users.
Provisioning appears as an option for the identity provider connection for JSM Users, but not for the one for Portal-Only Customers.
Atlassian Guard is included with the JSM product I am administering.
In Security > User Security > Identity Providers, the headings are:
In Sites > (site name) > Service Collection > Portal-Only Customers > ... > Identity Providers, the headings are:
I appreciate your insight - let me know if you have any more ideas!
Christian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.