Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,641,822
Community Members
 
Community Events
196
Community Groups

Can I sync manually added users with the IdP on an ongoing basis?

Nakul Jamadagni
Nakul Jamadagni Jan 22, 2021

Hi,

 

We have a case where existing users keep inviting new users from the company to the application. Now even though we have SCIM enabled the users register via the manual method and are out of sync with the IdP SCIM and cannot be managed by SCIM.

Now I know, Okta has an import function to resolve this but thats not something I am given access to. So wondering if there is another way to enable on-going sync with IdP so that any new manually added user becomes managed by SCIM at a later point?

I understand the requirements: Yes, the user must exist in our IdP group for authentication/SSO but might not have been assigned the app for SCIM group provisioning. Does that make sense? Or am I doing something wrong?

Answer
Watch
Like Be the first to like this
473 views

1 answer

1 accepted

1 vote
Answer accepted
Ivan Lima
Ivan Lima
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Jan 23, 2021

Hey @Nakul Jamadagni, I've seen a similar situation, and how I got around that was reassigning the users/groups from the assignments tab on the Idp side and syncing again. Have you tried that?

View More Comments
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jan 23, 2021

Agreed. If the user has already been invited manually and you assign a user with the same email address in Okta, then we will match it to the existing account. The profile details from Okta will become the source of truth and the user will be fully managed in Okta like any other IdP-managed user.

On the end user's side, they won't notice a thing unless they had manually set profile details (like job title) already. In that case they would get overwritten by the values from Okta.

Like # people like this
Nakul Jamadagni
Nakul Jamadagni Jan 24, 2021

Thank you @Ivan Lima / @Dave Meyer for the quick response. This has resolved quite a few but some corner cases remain not in sync. Any recommended way to resolve these inconsistencies?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

See all events