
Group Mapping - keep your users, permissions, and their groups up-to-date with Atlassian Applications

Harshit bhagat January 3, 2023

Are you looking for a way to keep your users, their permissions, and their groups up-to-date in your Atlassian applications? That is, the users who are actually managed in your central identity provider (say Okta, Azure, ADFS, or any other IDP).

You can easily do this with our group mapping functionality, which is a part of our Single Sign On app.

The miniOrange SAML SSO (Single Sign On) add-on has been an integral part of Atlassian and its products for a long time, and Group Mapping is one of its most in-demand features.

With Group Mapping, you can map IDP groups to Atlassian application groups so that the users in an IDP group are also added to the mapped group in the Atlassian application, which gives them the permissions associated with that group.

Let's take an example to understand this better. A user assigned to jira-software-users in the IDP will have access to only the Jira application after SSO into Jira through mapping. However, if the user is later removed from the software-users group in the IDP and added to the administrators group, they will have all the administration rights after SSO through group mapping. This is possible because the Group Mapping feature removes the user from the jira-software-users group and adds them to the administrators group in the application.

Now you can sync your user’s groups and permissions along with SSO.

 

Group Mapping can be done in two ways: Manually or On-The-Fly.

If your application group names and your IDP group names are different, go with Manual Group Mapping. Here you map each IDP group to the application group manually.

If your application groups and your IDP groups have exactly the same names, go with On-The-Fly Group Mapping. Here the app detects the groups and automatically adds users to the groups with the same name and updates their permissions.

 

There are additional options available within Group Mapping for fine-tuned control:

  • Restrict user creation: You can restrict user creation on group mapping. If this option is enabled, a user added to the IDP will not be created in the Atlassian application. Only existing users' information will be updated during Single Sign On.
  • Create new groups: If this option is enabled and a new group is created in the IDP, a group with the same name will be created in your Atlassian applications as well. The users for those groups will also be mapped accordingly.
  • Keep existing user groups: Generally used for On-The-Fly group mapping. Any groups which are not present in the IDP get deleted in the Jira application. With this option, you can prevent deletion of existing groups. If a user exists in the XYZ group in your Atlassian application but also exists in the ABC group in the IDP, then the new group (ABC) will be added to your Atlassian application without the existing group (XYZ) being deleted. Both groups will therefore continue to exist in your Atlassian application, and the user will exist in both groups.
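The mapping modes and options above, modelled as an added example (not miniOrange's code): `MappingConfig`, `sync_on_sso` and the sample data are hypothetical, and "deleted" groups are modelled as the user's membership being removed at SSO.

```python
from dataclasses import dataclass, field

@dataclass
class MappingConfig:  # hypothetical names modelling the options on this page
    on_the_fly: bool = False            # match IDP and app groups by identical name
    manual_map: dict = field(default_factory=dict)  # IDP group -> app group
    restrict_user_creation: bool = False
    create_new_groups: bool = False
    keep_existing_groups: bool = False

def sync_on_sso(user, idp_groups, memberships, app_groups, cfg):
    """Return the user's app groups after SSO, or None if no user is created.

    memberships: dict user -> set of app groups; app_groups: set of groups
    that exist in the application. Both are updated in place.
    """
    if user not in memberships:
        if cfg.restrict_user_creation:
            return None                 # only existing users are updated
        memberships[user] = set()
    if cfg.on_the_fly:
        wanted = set(idp_groups)
    else:                               # unmapped IDP groups grant nothing
        wanted = {cfg.manual_map[g] for g in idp_groups if g in cfg.manual_map}
    if cfg.create_new_groups:
        app_groups |= wanted            # create groups the app lacks
    granted = wanted & app_groups       # never join a group that does not exist
    if cfg.keep_existing_groups:
        granted |= memberships[user]    # old memberships survive IDP removal
    memberships[user] = granted
    return granted

if __name__ == "__main__":
    # Constructed sample data
    apps = {"jira-software-users", "jira-administrators"}
    members = {"alice": {"jira-software-users"}}
    manual = MappingConfig(manual_map={"software-users": "jira-software-users",
                                       "administrators": "jira-administrators"})
    print(sync_on_sso("alice", ["administrators"], members, apps, manual))
    otf = MappingConfig(on_the_fly=True, create_new_groups=True,
                        keep_existing_groups=True)
    print(sync_on_sso("alice", ["ABC"], members, apps, otf))
```

In this model, enabling `keep_existing_groups` means a group removed from the user in the IDP stays on the user in the application, so revoking access in the IDP alone does not revoke it there.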

 

Contact us to know more.
