Does user / group sync feature of Atlassian Access through OKTA require user provisioning functionality / lifecycle management OR can we somehow sync the user group membership info as part of the SAML assertion?
I don't use Okta but with other IDP providers I have had to set up the SSO and then SCIM separate as the user provisioning happens separately from the SSO portion.
I have done this for
Everytime I have done this after setting up the SCIM you go back to the provider that will provision the users and apply the groups from there. Then in groups you should see those groups provision with a lock on them as the same as the directory in the SCIM.
Thanks @Aaron Geister , we do have SSO enabled but from what I understand the user provisioning / lifecycle management feature is a prerequisite for OKTA (at least according to this doc here
I've spoken with our Identity and Access Management team and from what I understand the lifecycle management in OKTA is simply cost-prohibitive for companies of our size, as such I'm wondering if there's some way of automating user provisioning / de-provisioning / group membership syncs without having to pay for OKTA's lifecycle management features OR writing our own code to manage user group memberships in Atlassian.
Thanks for the clarification of the situation. I am sure if its the SCIM portion and that is on a paid add-on then you would have to create your own way of doing this possibly by API or move to another IDP.
I am not a hundred percent sure as I have always use some type of identity management. I know you get the SCIM provision with JumpCloud, Azure, Onelogin. I didn't know there was an add-on for the rights to use that SCIM portion in Okta.
The only other thing I could offer with help is to say maybe its time to look at another IDP provider like JumpCloud. I can assist with this if you need and you can reach out to me from my profile or email me at firstname.lastname@example.org and the other way is to use google directory sync. If that your email provider. I believe if you do so you can't use okta as SSO.
Yup, I don't think we have an option to use another IdP and the connector between OKTA and Atlassian certainly makes it very convenient to provision / deprovision users and sync groups - the only problem is that it's cost prohibitive for us. Sounds like someone (probably me) will be rolling up his sleeves and get coding.
Hi Community! Thank you to all who joined our ongoing monthly Atlassian Access demo! We have an engaging group of attendees who asked many great questions. I’ll share a recap of frequently ask...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events