Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,359,913
Community Members
 
Community Events
168
Community Groups

User properties (=account details) from Atlassian Access

Edited

Hi Guys,

is there a way to use the user attributes synced from Azure AD to Atlassian Access in Jira automaiton or JQL? (These user related information also known as account details in Jira cloud)

https://confluence.atlassian.com/cloud/user-provisioning-959305316.html?_ga=2.145284535.261953757.1584949045-1049788169.1564737779

You can update these user attributes from you identity provider:

  • Display name
  • Email address
  • Organization
  • Job title
  • Timezone
  • Department
  • Preferred language

 

I found some promising signs like reporter.properties expression in JQL or the smart values in the new automation, but I couldn't make use of them. 

https://support.atlassian.com/jira-software-cloud/docs/smart-values-users/

One use case would be to use the reporter's department attribute from AD to auto assign the issue.

Any help would be appreciated!

Robert

3 answers

1 accepted

1 vote
Answer accepted

Hello Robert,

Thank you for reaching out to Atlassian Community!

The fields mentioned in the documentation are specific for the identity provider, the fields and values won't be stored in Jira. With that said, currently, it's not possible to get this information to use on automation or to show on a JQL search.

There is an add-on that you can use to show this information on tickets:

 If you have any other questions, please let us know.

Regards,
Angélica

Thanks for the answer!

In the meantime, I've learned that REST API calls from scripting applications (Scriptrunner, JMWE) can be a workaround.

Like Angélica Luz likes this

Is this still the case with the updates to Automation?

Kalin U Rising Star Oct 21, 2021

@Robert Szabo Can you perhaps share more about it? I'm interested in accessing the Organization & Department's user property from Azure AD and based on that, set a value in Jira field using A4J (Automation for Jira).

I don't really want to use 3rd-party scripting apps at the time.

Hello @Kalin U ,

I'm sorry but I don't have any new information on this. I couldn’t get it to work at the time, but I haven’t looked at whether there’s any progress in that area since.

But if you find new information then please share it, I am interested :)

Robert

Like Kalin U likes this
2 votes
Darryl Lee Community Leader Mar 02, 2022

I know I'm necroposting, but I was excited to find this, and thought it *might* be useful:

If your IdP is properly syncing with Access (mine is not yet :-(, then you should be able to use the User Management REST API  to find Job Title and Department, which are the only attributes that currently can be synced.

I followed the directions to generate an admin API and then tested it thusly:

% curl -s -H "Authorization: Bearer YOURAPIKEY" https://api.atlassian.com/users/ACCOUNTID_YOU_WANT_TO_LOOKUP/manage/profile | jq .

Which returned:

{
"account": {
"account_id": "ACCOUNTID_YOU_WANT_TO_LOOKUP",
"name": "John Doe",
"nickname": "jdoe",
"email": "jdoe@somecompany.com",
"picture": "https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net/default-avatar.png",
"characteristics": {
"not_mentionable": null
},
"account_type": "atlassian",
"account_status": "active",
"email_verified": true,
"privacy_settings": {
"name": "public",
"nickname": "public",
"picture": "collaborator",
"extended_profile.job_title": "public",
"extended_profile.department": "collaborator",
"extended_profile.organization": "collaborator",
"extended_profile.location": "collaborator",
"zoneinfo": "collaborator",
"email": "collaborator",
"extended_profile.phone_number": "collaborator",
"extended_profile.team_type": "private"
}
}
}

So in theory then, you could create an Automation webhooks call to extract things job_title or department

CAVEAT/WARNING

Admin API keys have read and write capabilities. Now, the Users API can't actually do much with Managed Accounts (maybe set location?), but there's a few other APIs that you probably don't want too many people to access. And since Automation doesn't have a way to hide/obfuscate API keys (in this case it would be in the Header), remember that any other Jira admins (or Project admins for project-based rules) would be able to see the key.

I know I'm necroposting, but I was excited to find this, and thought it *might* be useful:

If your IdP is properly syncing with Access (mine is not yet :-(, then you should be able to use the User Management REST API  to find Job Title and Department, which are the only attributes that currently can be synced.

I followed the directions to generate an admin API and then tested it thusly:

% curl -s -H "Authorization: Bearer YOURAPIKEY" https://api.atlassian.com/users/ACCOUNTID_YOU_WANT_TO_LOOKUP/manage/profile | jq .

Which returned:

{
"account": {
"account_id": "ACCOUNTID_YOU_WANT_TO_LOOKUP",
"name": "John Doe",
"nickname": "jdoe",
"email": "jdoe@somecompany.com",
"picture": "https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net/default-avatar.png",
"characteristics": {
"not_mentionable": null
},
"account_type": "atlassian",
"account_status": "active",
"email_verified": true,
"privacy_settings": {
"name": "public",
"nickname": "public",
"picture": "collaborator",
"extended_profile.job_title": "public",
"extended_profile.department": "collaborator",
"extended_profile.organization": "collaborator",
"extended_profile.location": "collaborator",
"zoneinfo": "collaborator",
"email": "collaborator",
"extended_profile.phone_number": "collaborator",
"extended_profile.team_type": "private"
}
}
}

So in theory then, you could create an Automation webhooks call to extract things job_title or department

CAVEAT/WARNING

Admin API keys have read and write capabilities. Now, the Users API can't actually do much with Managed Accounts (maybe set location?), but there's a few other APIs that you probably don't want too many people to access. And since Automation doesn't have a way to hide/obfuscate API keys (in this case it would be in the Header), remember that any other Jira admins (or Project admins for project-based rules) would be able to see the key.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
Community showcase
Published in Atlassian Access

Atlassian Access Demo Q&A Recap

Hi Community! Thank you to all who joined our ongoing monthly Atlassian Access demo! We have an engaging group of attendees who asked many great questions. I’ll share a recap of frequently ask...

1,500 views 5 5
Read article

Atlassian Community Events