Are you looking for a way to keep your users, their permissions, and their groups up-to-date with your Atlassian Applications? Well, actually your users managed in your central identity provider (say Okta or Azure or ADFS or any other IDP).
You can easily do this with our group mapping functionality which is a part of our Single Sign On app.
miniOrange SAML SSO (Single Sign On) addon has been an integral part of Atlassian and its products for a long period of time with one of its most in demand features being Group Mapping.
With Group Mapping one can map IDP groups to Atlassian application groups such that the users from the IDPs group will also be added to the mapped group in Atlassian application essentially giving them the permissions associated with the group.
Let's take an example to understand this better. A user assigned to jira-software-users in the IDP will have access to only the Jira application after SSO into JIRA through mapping. However if the user is removed from the software-users group from the IDP in the future and added to the administrators group, he will have access to all the administration rights after SSO through group mapping. This is possible because of the Group mapping feature which removes the user from the jira-software-users group and adds him or her to the administrators group in the application.
Now you can sync your user’s groups and permissions along with SSO.
Group Mapping can be done in two ways :- Manually or On-The-Fly.
If your application group names and your IDP group names are different, one should go with Manual Group Mapping. In this, one can map each IDP group to the application group manually.
If your application groups and your IDP groups have the exact same name then one should go with On-The-Fly Group Mapping. In this, the app detects the groups and adds users and updates their permissions to groups with the same name automatically.
There are additional options available within Group mapping for fine-tuned control :-
Contact us to know more.