You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We are using Atlassian cloud.
We are using Atlassian Access. We want to sync users from AAD (Azure AD) but only which belongs to specif group. But we also want that if user is disabled in AAD - it would also be disabled in Atlassian.
We have successfully configured sync from specific AAD group. but how to make automatic disable?
We are also using Atlassian Access with Azure AD. I'm pretty sure this is 100% handled on the AD side of things and it just works when user provisioning has been setup correctly. Our IT team manages our Azure Active directory and they set it up with a specific set of groups to share with Atlassian Access. We recently had a user leave the company and there was nothing I was required to do as their account was disabled as soon as our IT team disabled the account in AD.
If this isn't happening for you, what you may want to try doing is disabling the sync on the Azure AD side of things and restarting it again, per the troubleshooting steps outlined here:
I hope that helps!
Hello @Jimmy Seddon, for us it also works automatically like this.
Now, we want another way of working...
Is there also a possibility to make that a user stays active but not synced/linked with Atlassian Access but stays active as an unlinked/unsynced user? (just removed from the group)
This way we will make it possible that users can stay using Bitbucket or Trello for free but loose access to JIRA-license/access.
@Jimmy Seddon , strange thing is that when I remove a user from the AD-group the user is disabled in Atlassian Cloud and link with Azure cloud is kept. I would expect that the user stays enabled in Atlassian Cloud but looses link with the AD-group and Azure cloud and Atlassian Access instead.
Sorry @Jeroen De Cock I should have clarified. Based on what I think you are trying to do, you need to setup a "non-billable" security policy for Atlassian Access. This is a group that will contain active users who don't get the benefits of Access (like having SSO enabled) but are still active users. The bottom of this page describes the details of setting that up: https://support.atlassian.com/security-and-access-policies/docs/understand-authentication-policies/
Correct! You need to remove them from the sync group, and they need to be added as an unsync'd managed account that exists in the non-billable policy.