Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

User Provisioning with OneLogin

Mate Major
Mate Major March 1, 2019

Hi all,

I am trying to do the automated user provisioning from OneLogin to Atlassian Access and doing so with the help of this guide:

https://onelogin.service-now.com/support?id=kb_article&sys_id=05501489db792708ca1c400e0b9619ea

Everything seems to work fine and it says the user has been provisioned in the onelogin backend, however i cant pull my groups from Atlassian Acces as it shows on the picture below. I have a blank box instead. I have been through this guide about 20 times followed the steps properly. Anybody has any idea what else can be done?

Thanks in advance

Screen Shot 2019-03-01 at 11.17.55 AM.png

 

 

 

I have reached out to Onelogin and they have sent me this:

"Mate,

There is nothing wrong with the onelogin side. The issue is we are asking for the values from here 

https://api.atlassian.com/scim/directory/7f373c24-ab7a-4223-b2af-f2d996237663/Groups?count=100&startIndex=1 

We are getting a good response 200 Ok 

[INFO Fri Mar 01 13:32:38 +0000 2019] Response Code: 200

Yet Atlassian API is reporting back 0 results 

"{"startIndex"=>1, "totalResults"=>0, "itemsPerPage"=>100, "Resources"=>[], "schemas"=>["urn:ietf:params:scim:api:messages:2.0:ListResponse"]}"

I do not have any information other than this response showing 0 results I would recommend reaching out to TS at atlassian and find out why this call at https://api.atlassian.com/scim/directory/7f373c24-ab7a-4223-b2af-f2d996237663/Groups?count=100&startIndex=1 using your GUID 7f373c24-ab7a-4223-b2af-f2d996237663 and token is responding with 0 results. 

Best Regards"

Anybody has any ideas?

Thanks in advance

 

 

Answer
Watch
Like Be the first to like this
1462 views

3 answers

2 accepted

0 votes
Answer accepted
Demi Benson
Demi Benson April 26, 2019

Hey Máté,

I had troubleshooting sessions with both Atlassian and OneLogin, and in my case, the reason the groups weren't showing up is because I had to setup new rules (the "Rules" tab in the Atlassian Cloud app), and the rules have to do regex capture on a user's OneLogin metadata (User Info -> Directory Details -> MemberOf box) to populate the groups.

I wish that information was more clear in both sides' documentation.

View More Comments
Mate Major
Mate Major April 29, 2019

Thanks Demi,

I got tired of waiting and added the users manually. Nobody answered me for a long time so this was easier. Thanks for reaching out though.

Best

Mate

Like
Reply
0 votes
Answer accepted
Mate Major
Mate Major March 13, 2019

Hi Jonathon,

Thanks for the answer. I have tried to do this and it still doesn't show any groups for me in OneLogin at all. Could you please send me a step by step or point me where you have updated the documentation so i can make this work?

Thanks a lot

Best Regards

Mate Major

Reply
1 vote
Jonathon Yu
Jonathon Yu
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 4, 2019

Hi Máté,

If you're setting up SCIM automatic user provisioning for the first time, your Org in Atlassian Access won't have any groups associated with it, so when OneLogin or you query the API you'll get zero groups returned. You might have groups that already exist in your Jira site, but those are in a tenant/site context and not global, so those aren't the same groups that OneLogin would pull.

To set up groups in automatic user provisioning, in your OneLogin dashboard you would go to the "Roles" tab in the "Users" dropdown. Creating these Roles corresponds to a SCIM group; you could then assign users to these roles and push the group in the parameters tab for your app as seen in OneLogin's documentation.

We'll follow up with OneLogin to clarify and update the documentation, hope this helps!

--Jonathon | Access Engineering

View More Comments
Demi Benson
Demi Benson April 8, 2019

I'm having the same problem as the OP (no groups in Atlassian Access user provisioning, and no groups means new employees don't have access to anything), and my OneLogin config is set to give Atlassian site access via a OneLogin Role (called "Everyone", since it's for everyone in the company); that part works.

But when I edit the Atlassian Cloud app in OneLogin, and edit the Groups optional parameter, there are no roles or groups in the picker, and therefore none can be sent over.

Can you give us an update on how we should be adding new people? Because the whole purpose of going with Atlassian Access is to provide consolidated user management. If new employees can't get access, then what's the point?

Like # people like this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security