- Technical situation : Keycloak as an Identity Provider, Atlassian Access for SSO with Jira Software Cloud, Jira Service Desk Cloud and Confluence Cloud. Possible Script Runner usage.
Hello everyone,
Is it possible in Atlassian Access to detect when a user has been deactivated or deleted from the identity provider (here, Keycloak)?
I know that user provisioning is not automatic between Atlassian Access and Keycloak as Keycloak doesn't support SCIM. They can only communicate via SAML and, at best, user provisioning can be done in a Just in Time fashion with Atlassian Access (see Keycloak's wiki about user provisioning and Atlassian Access' doc about Just in time provisioning via SAML)
For our client, it's a big security issue to manage users on both sides. Do you please have any pointer as to what to do when an employee leaves the company?
Here are some of our ideas :
1) If it's possible, raising an event in Atlassian Access when a user is detected as deactivated from the identity provider, and then deactivate the said user in Atlassian Access (for Jira Software Cloud, JSD Cloud and Confluence Cloud). Maybe via Script Runner.
2) Or, run a batch script everyday to check on user licenses and deactivate unlicensed users in Atlassian Access / JS+JSD+Confluence
I'm open to any other ideas.
Thanks in advance,
Regards,
Dylan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.