Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,456,703
Community Members
 
Community Events
176
Community Groups

Delay in user provisioning

I'm not sure if this is an Atlassian Access issue or not, but the gist of our issue is that we have integrated the provisioning API to our app to which a user clicks a button, we provision their account and add them to appropriate security groups.  They then navigate to our SSO login and then experience:

1. Delay in the ability to login thru our SSO (shortest delay)

2. Inability to see any associated Projects or Spaces the groups they are in have rights to

3. Ability to see 'some' of the Spaces/Projects their group has access to and then ability to see the rest several minutes later.  

The delay is creating a bit of a support bottleneck as there is nothing wrong with their setup, their rights just do not seem to be propagating across the Atlassian cloud faster then when they get there. 

1 answer

0 votes

Hi Jon,

I'm a team lead on the team responsible for IdP SCIM integration. Some short delay is expected when user is provisioned and getting propagated throughout all Atlassian systems. But it's usually relatively short. 

Can you provide a bit more details on your integration process - who is your IdP? How many users roughly you have provisioned via SCIM interface. Has initial provisioning completed and we're talking about individual user update going forward or is it something else? 

From you description, it sounds like JIT provisioning for users belonging to the same domain, but I could be wrong here. 

I would appreciate any details on the process so we can better assist you. 

-

Vlad

Identity, Atlassian

Hi @Vlad Svidersky , thank you for the response and apologies for the delay getting back to you.  We are using Auth0 as our IdP currently.  We have provisioned a few hundred users at this point and yes I'm referring to single users provisioned one at a time as they sign up for our platform.  We basically make 2 calls at once as soon they 'trigger' the workflow.  We create a user (POST on the Users end point) and then add them to a security group (PATCH on the Groups/GroupID endpoint.  

The delay is really only at most 5 minutes probably but for our user experience, they are basically going from our platform directly over to Atlassian and either not able to login or they login and don't have the group rights yet.  One question I have is do they need to have a successful login before the Group security right is provisioned or does that happen as soon as they user account provisioning happens whether they login or not?  

We will likely just add some language to the sign up process that tells them that they will have to wait or try again if they cannot login, but was just checking to see if maybe we had some setting on the cloud side that synced things faster.  It's ok if not, but just checking all options at this point. 

Thanks again! 

@Jon Crosby thank you for additional details. From our point of view - when you're provisioning a new user - login should work almost immediately. There could be potentially some delay (few minutes) with access to various products - since all group membership needs to be propagated through Atlassian internal systems.

As for your last question - I don't believe user needs to have a successful login before 

If you want to troubleshoot it further - feel free to create a support ticket and we will look into it. 

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS

Atlassian Community Events