Why? It could be that a few users are not synchronizing with the groups configured in the authentication policies, which in turn synchronize with Azure Active Directory, and are commonly added to groups in Azure but do not synchronize in JIRA.Why? It could be that a few users are not synchronizing with the groups configured in the authentication policies, which in turn synchronize with Azure Active Directory, and are commonly added to groups in Azure but do not synchronize in JIRA.
Hi @Jhon Brayan Manrique Pachon
Can you provide some more information about any error messages you're receiving?
From the Atlassian Admin hub side, try going to:
On your identity provider, you should also have some sort of provisioning log that might give you some hints as to what the issue is.
Hello @Jhon Brayan Manrique Pachon
Yep when “most users sync but a few don’t”, it’s usually not random. It’s almost always one of these:
Out of scope: the user is added in Entra, but not in the exact group/app assignment that Guard is actually syncing.
Nested group issue: the user is only in a group via another group (nesting). That often doesn’t flow the way people expect.
Group conflict in Atlassian: you’re trying to sync into a group that Atlassian treats as a default access group / special group, so membership won’t apply cleanly.
Identity mismatch: the user’s email/UPN in Entra doesn’t match the Atlassian account, or there’s a duplicate account.
Provisioning delay/error: the change is stuck or failing for that user.
Fastest way to find the real cause: pick one affected user and check the Guard provisioning logs for them. The log message usually tells you exactly what’s wrong (out of scope, conflict, mismatch, etc.).
Hope it helps you find a reason. Have a great Day 🤠
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Jhon Brayan Manrique Pachon ,
Let me try to help here. Did you set this up by SSO/SCIM connector or did you use the Oauth method. There are two ways to configure Entra ID/ Azure AD in Atlassian Guard. The traditional method gives you SCIM and SSO configuration and granular control of groups and users. The second method gives you control of Nest Groups and the Oauth method does it from Microsoft Admin auth method.
Note: If you have nested groups and use the first method users won't sync because that method doesn't support nested groups.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.