Easily provision users from outside your verified domain to Atlassian products

If you set up System for Cross-domain Identity Management (SCIM) before November 15, 2020, and you manually provisioned users from outside your verified domain, this content is for you.

We’re automating provisioning all types of users from your identity provider

Until now, you’ve had to manually manage and provision users from outside your verified domain in two places: in your identity provider and your Atlassian products. This means you have to do things twice. We know users like contractors, vendors, partners, etc., are users you trust. We also know you want to onboard all types of users from one place.

We’ve changed provisioning to address this problem. When you provision users in your identity provider, we’ll sync all types of users. This means you won’t need to add users in two places.

Review your accounts

Before syncing, we recommend reviewing your accounts to make sure your users and groups have access to the right products.

Download and review users and groups before you sync

We provide you with a CSV file of users outside your domain that we will sync. It includes:

  • Email addressprimary email address of the user in your identity provider.

  • Unique identifier a unique way of identifying a user in your identity provider.

  • Active status in your identity provider – active status is yes or no. If yes, the user is active, and we will sync the user. If no, the user is deactivated, and we won’t sync the user. You can change the status in your identity provider.

  • Group membership – groups the user belongs to in your identity provider.

To download user accounts:

  1. Navigate to Directory > User provisioning at admin.atlassian.com.

  2. Select Review users to start syncing.

  3. To download the CSV file, select Download user accounts.

Review user accounts
Changes to your users and groups could take a while, depending on your setup. Here are a couple of things to consider when you change users and groups.

  1. To grant or prevent product access, add or remove users from groups.

    1. If you don't want your contractors to have product access to JIRA, remove them from the group in your identity provider.

  2. To keep track of product access for different users:

    1. Set up dedicated groups for users from verified domains and from outside verified domains, rather than mixing.

To sync user accounts:

  1. Select Start syncing now

After you start syncing

We link user accounts that exist in Atlassian with the same user account in your identity provider. Your existing Atlassian user group membership and permissions stay the same. You won’t pay twice for the same user. We also won’t count users outside your domain towards your Atlassian Access bill.

To learn more about user provisioning and supported account operations for users from inside and outside your verified domain, visit user provisioning

 

0 comments

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events