You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I'm not sure if this is an Atlassian Access issue or not, but the gist of our issue is that we have integrated the provisioning API to our app to which a user clicks a button, we provision their account and add them to appropriate security groups. They then navigate to our SSO login and then experience:
1. Delay in the ability to login thru our SSO (shortest delay)
2. Inability to see any associated Projects or Spaces the groups they are in have rights to
3. Ability to see 'some' of the Spaces/Projects their group has access to and then ability to see the rest several minutes later.
The delay is creating a bit of a support bottleneck as there is nothing wrong with their setup, their rights just do not seem to be propagating across the Atlassian cloud faster then when they get there.
I'm a team lead on the team responsible for IdP SCIM integration. Some short delay is expected when user is provisioned and getting propagated throughout all Atlassian systems. But it's usually relatively short.
Can you provide a bit more details on your integration process - who is your IdP? How many users roughly you have provisioned via SCIM interface. Has initial provisioning completed and we're talking about individual user update going forward or is it something else?
From you description, it sounds like JIT provisioning for users belonging to the same domain, but I could be wrong here.
I would appreciate any details on the process so we can better assist you.
Hi @Vlad Svidersky , thank you for the response and apologies for the delay getting back to you. We are using Auth0 as our IdP currently. We have provisioned a few hundred users at this point and yes I'm referring to single users provisioned one at a time as they sign up for our platform. We basically make 2 calls at once as soon they 'trigger' the workflow. We create a user (POST on the Users end point) and then add them to a security group (PATCH on the Groups/GroupID endpoint.
The delay is really only at most 5 minutes probably but for our user experience, they are basically going from our platform directly over to Atlassian and either not able to login or they login and don't have the group rights yet. One question I have is do they need to have a successful login before the Group security right is provisioned or does that happen as soon as they user account provisioning happens whether they login or not?
We will likely just add some language to the sign up process that tells them that they will have to wait or try again if they cannot login, but was just checking to see if maybe we had some setting on the cloud side that synced things faster. It's ok if not, but just checking all options at this point.
@Jon Crosby thank you for additional details. From our point of view - when you're provisioning a new user - login should work almost immediately. There could be potentially some delay (few minutes) with access to various products - since all group membership needs to be propagated through Atlassian internal systems.
As for your last question - I don't believe user needs to have a successful login before
If you want to troubleshoot it further - feel free to create a support ticket and we will look into it.