I'm not sure if this is an Atlassian Access issue or not, but the gist of our issue is that we have integrated the provisioning API to our app to which a user clicks a button, we provision their account and add them to appropriate security groups. They then navigate to our SSO login and then experience:
1. Delay in the ability to login thru our SSO (shortest delay)
2. Inability to see any associated Projects or Spaces the groups they are in have rights to
3. Ability to see 'some' of the Spaces/Projects their group has access to and then ability to see the rest several minutes later.
The delay is creating a bit of a support bottleneck as there is nothing wrong with their setup, their rights just do not seem to be propagating across the Atlassian cloud faster then when they get there.
I'm a team lead on the team responsible for IdP SCIM integration. Some short delay is expected when user is provisioned and getting propagated throughout all Atlassian systems. But it's usually relatively short.
Can you provide a bit more details on your integration process - who is your IdP? How many users roughly you have provisioned via SCIM interface. Has initial provisioning completed and we're talking about individual user update going forward or is it something else?
From you description, it sounds like JIT provisioning for users belonging to the same domain, but I could be wrong here.
I would appreciate any details on the process so we can better assist you.
Hi @Vlad Svidersky , thank you for the response and apologies for the delay getting back to you. We are using Auth0 as our IdP currently. We have provisioned a few hundred users at this point and yes I'm referring to single users provisioned one at a time as they sign up for our platform. We basically make 2 calls at once as soon they 'trigger' the workflow. We create a user (POST on the Users end point) and then add them to a security group (PATCH on the Groups/GroupID endpoint.
The delay is really only at most 5 minutes probably but for our user experience, they are basically going from our platform directly over to Atlassian and either not able to login or they login and don't have the group rights yet. One question I have is do they need to have a successful login before the Group security right is provisioned or does that happen as soon as they user account provisioning happens whether they login or not?
We will likely just add some language to the sign up process that tells them that they will have to wait or try again if they cannot login, but was just checking to see if maybe we had some setting on the cloud side that synced things faster. It's ok if not, but just checking all options at this point.
@Jon Crosby thank you for additional details. From our point of view - when you're provisioning a new user - login should work almost immediately. There could be potentially some delay (few minutes) with access to various products - since all group membership needs to be propagated through Atlassian internal systems.
As for your last question - I don't believe user needs to have a successful login before
If you want to troubleshoot it further - feel free to create a support ticket and we will look into it.
Based on your valuable feedback, we have released several new features to help you gain administrative flexibility with authentication policies, visibility into shadow IT with automatic product disco...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events