You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
This guide will walk you through the process of configuring User Provisioning with a Third-Party Identity Provider for your Atlassian Cloud organization.
For your convenience, there is a video version of this guide at the bottom of this article this will show you how to follow these steps. Also, each of the headings are hyperlinked to the specific time interval in the companion video where that topic is covered.
Before you begin, there are some things you will need or assumptions I will be making about what you have access to as a part of this tutorial. If you don’t have the ability to change or update something that is included in this guide you will either need to find someone that has the ability to perform certain steps or can give you the access you need to perform those steps.
You are going to need to be an Atlassian Organization Administrator for you Atlassian Cloud Organization.
You are going to need to have a subscription to Atlassian Access.
In order to modify managed users, you will need to have already verified your domain and claimed your domain accounts. (Follow this guide if you haven’t completed that step yet)
You are going to need to have a Third-party identity provider setup to the point where you have users and/or groups to be provisioned into your Atlassian Cloud instance.
You may wish to also refer to the Atlassian Documentation for setting up SAML as there are guides for every supported identity provider and this guide will only be covering Microsoft Azure AD:
In addition, I won’t be covering how to setup Azure AD that is outside the scope of this guide. This guide will cover the things you will need to know with Microsoft Azure that relate to setting up the integration between Azure AD and Atlassian Access.
Start by logging into Azure: https://portal.azure.com/#home
Then click on the “Azure Active Directory” tile on the home page.
Next, click on “Enterprise Applications“ in the left hand menu, followed by “+ New application” from the top menu.
“Atlassian Cloud“ should be in the featured applications list, but if it isn’t there use the search bar to find it. Once you have, click on the tile for it. Then, in the right hand popup menu click the create button (you can change the name if you want to, but I’d recommend leaving it at the default of “Atlassian Cloud”).
It will take a couple of minutes to create the new application. Once it’s finished it will take you to the Atlassian Cloud application overview page. From here, we want to click on the “Assign users and groups“ link for “1. Assign users and groups“
On the next page click the “+ Add user/group“
On this page you will want to select all the users and groups that you would like to make available for provisioning.
Click on the “None Selected“ link, then click on all the users/groups in the right hand popup menu and click the select button at that bottom. Then, click the “Assign“ button in the bottom left of the main page.
Select “Provisioning“ from the left hand menu. Then, click the “Get started“ button.
On the next page, change the Provisioning Mode to “Automatic“.
Login to your Atlassian Organization Admin page, which you can do by going to https://admin.atlassian.com, then selecting the Organization you wish to manage.
Next, you will want to navigate to the Settings → User provisioning menu options
Click on the “Create a directory“ button.
On the next, screen enter a name for your directory. Then, click the “Create“ button.
NOTE: Please copy the values on the next page to somewhere safe! As soon as you leave this page You can’t access these values again and you will need to delete the directory and start again.
You will need to copy the “Directory base URL“ value and place it in the “Tenant URL“ field in the Azure AD Provisioning page.
You will need to copy the “API key“ value and place it in the “Secret token“ field in the Azure AD Provisioning page.
Once you have copied both values, press the “Test Connection“ button. If it reports success, click the “Save“ button at the top of the page.
If you were not successful, try copying the values again.
Once you have successfully saved the provisioning settings, use the breadcrumb navigation to go back to the “Atlassian Cloud“ app overview.
If you aren’t on the “Provisioning“ page, use the left hand menu to go to that page.
In the top menu click on the “Start provisioning“ button.
Once successful, go back to the Atlassian Organization Admin page.
Click the “Done“ button on the directory setup page.
It can take some time for the sync to happen, but you should at some point see synced users & groups.
If you go back to the Azure Portal, and click the refresh button, you should also see the same number of users & groups listed as provisioned from the Azure side as well.
Sr R&D Tools Administrator
Waterloo, Ontario, Canada
168 accepted answers