Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How do you auto-populate confluence-users-<sitename> and jira-users-<sitename>?

Harold Price
Harold Price July 4, 2023

Okta and other IdPs have tools to keep group memberships dynamically up-to-date. However, there is no way to populate the confluence-users and/or confluence-users-<sitename>, jira-users-<sitename> groups based on their membership in groups in pushed Okta groups.

I can assign product access based on groups in Okta. However, is it better to use the built-in groups in Atlassian access to grant users to products and the the correct confluence and jira groups?

 

We have created a group called "Atlassian Confluence Users" and "Atlassian Jira Users" in Okta and are pushing that to Atlassian Cloud. How can these groups be mirrored to their respective Atlassian built-in groups?

 

 

Answer
Watch
Like Kaz Nobutani likes this
564 views

3 answers

2 accepted

1 vote
Answer accepted
Paul O_Shaughnessy
Paul O_Shaughnessy July 11, 2023

I ran into this problem a few years back.  These days you might be able to automate something to sync group membership, but we took the approach of moving to the IDP managed groups. 

If you still have the existing 'confluence-users' group and group members you could do something similar to what we did which meant slowly moving across over a longish period of time.  I can't believe there isn't a better solution to this, but I've never actually seen one published.  On the plus side, this approach is fairly easily and low maintenance.

See my very old post on this. 

View More Comments
Harold Price
Harold Price July 11, 2023

Paul, thank you for your response as well. Your solution sounds promising. Unfortunately, I can not access the link you provided.   Any chance you can fix that?

Thanks again,

Harold

Like
Paul O_Shaughnessy
Paul O_Shaughnessy July 11, 2023

I think the link is fixed now!

Like Harold Price likes this
Harold Price
Harold Price July 11, 2023

Thank you Paul. Your assessment is inline with what Kazuki also explained.

Hopefully, Atlassian can add some better group management controls into the Atlassian  Access product.

Like
Reply
1 vote
Answer accepted
Kaz Nobutani
Kaz Nobutani
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 10, 2023

Hello Harold,

Thank you for posting your question. 

I personally recommend you to use the pushed Okta group to manage accesses of products, simply because you do not need to manually + individually add users to each <product>-<access>-<sitename> group. By assigning accesses to the pushed group, newly synced users will automatically will have the same access as other users in the same group, which makes user management easy. 

Or do you have any requirements to use the <product>-<access>-<sitename> groups?

Also, as far as I know, there is no option to copy or sync the product access from one to another on the UI. 

View More Comments
Harold Price
Harold Price July 10, 2023

Kazuki,

Thank you for your response. This is less of a product access and more of a space permissions issue. We have over a hundred spaces with permissions set to "confluence-users" on the previous confluence Server that we are migrating to the cloud which now requires the confluence-users-<sitename>.  Not only can I not automatically grant all new accounts to this group, but now I can not grant to the "confluence-users-<sitename>" group either.

Do I now have to manually update the hundreds of spaces and monitor daily any new space being created so that everyone is given access to that new space using the Okta group instead of the default confluence-users-sitename group.

 

Is there a way to setup my okta group as the default group for spaces ?

Like
Harold Price
Harold Price July 11, 2023

@Kaz Nobutani 

Please pass this along to the rest of the Atlassian team:

  • Have the ability to set a Default group for users provisioned from SCIM
    or
  • Allow groups to be dynamically generated from a set of user attribute criteria or other groups they do or don't belong to.

 

Thanks again for the assistance.

Like Kaz Nobutani likes this
Kaz Nobutani
Kaz Nobutani
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 13, 2023

Hello Harold,


Thank you very much for your feedback. I researched on existing feature requests and spotted these ones. The idea is that to have a default groups for imported users; automatically assign/map them which is what you stated above.

https://jira.atlassian.com/browse/ACCESS-604 (Grant users synced from identity providers via SCIM application access by default)

https://jira.atlassian.com/browse/ACCESS-1397 (Sync group membership from local default group to synced group)

 

Please feel free to leave comments and vote for those items. I’m afraid the workaround would be to manually assign permissions little by little as Paul shared at this point. 

Here is more information about feature requests in general.

Like Harold Price likes this
Harold Price
Harold Price July 13, 2023

That was extremely helpful. I added some votes.  The components should include more than just Google GSuite on #604

 

Thank you very much.   Have a great day

Like
Reply
0 votes
Kieren
Kieren
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 4, 2023

Hi @Harold Price  ,

This has been an issue for a while and unfortunately as @Kaz Nobutani said there is no feature within Atlassian administration that will solve this for you. It has been a big pain point for Atlassian Admins who want to utilise the default or custom Atlassian groups for both SCIM and non-SCIM users, ACCESS-604 is a testament to that!

There is an upcoming app that could help with this, we're going to solve ACCESS-604. It's about to be released in a free closed beta (mid Dec 2023). If you're interested check out our website https://smolsoftware.com and drop us a line. When we launch publicly, I'll drop a note back in here. 

-Kieren
Co-Founder @ Smol Software | Ex-Atlassian

View More Comments
Harold Price
Harold Price December 5, 2023

@Kieren thanks for the response. I'll check out your app.

Like
Kieren
Kieren
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 20, 2024

@Harold Price we've just launched. Hopefully it will solve your issue.

-Kieren
Co-Founder @ Smol Software | Ex-Atlassian

Like
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events

    See all events