Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

User properties (=account details) from Atlassian Access

Róbert Szabó
Róbert Szabó
Contributor
March 23, 2020

Hi Guys,

is there a way to use the user attributes synced from Azure AD to Atlassian Access in Jira automaiton or JQL? (These user related information also known as account details in Jira cloud)

https://confluence.atlassian.com/cloud/user-provisioning-959305316.html?_ga=2.145284535.261953757.1584949045-1049788169.1564737779

You can update these user attributes from you identity provider:

  • Display name
  • Email address
  • Organization
  • Job title
  • Timezone
  • Department
  • Preferred language

 

I found some promising signs like reporter.properties expression in JQL or the smart values in the new automation, but I couldn't make use of them. 

https://support.atlassian.com/jira-software-cloud/docs/smart-values-users/

One use case would be to use the reporter's department attribute from AD to auto assign the issue.

Any help would be appreciated!

Robert

Answer
Watch
Like # people like this
5023 views

4 answers

1 accepted

1 vote
Answer accepted
Angélica Luz
Angélica Luz
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 26, 2020

Hello Robert,

Thank you for reaching out to Atlassian Community!

The fields mentioned in the documentation are specific for the identity provider, the fields and values won't be stored in Jira. With that said, currently, it's not possible to get this information to use on automation or to show on a JQL search.

There is an add-on that you can use to show this information on tickets:

 If you have any other questions, please let us know.

Regards,
Angélica

View More Comments
Róbert Szabó
Róbert Szabó
Contributor
March 26, 2020

Thanks for the answer!

In the meantime, I've learned that REST API calls from scripting applications (Scriptrunner, JMWE) can be a workaround.

Like Angélica Luz likes this
Richard Crampton
Richard Crampton
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
September 23, 2021

Is this still the case with the updates to Automation?

Like
Kalin U
Kalin U
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 21, 2021

@Róbert Szabó Can you perhaps share more about it? I'm interested in accessing the Organization & Department's user property from Azure AD and based on that, set a value in Jira field using A4J (Automation for Jira).

I don't really want to use 3rd-party scripting apps at the time.

Like
Róbert Szabó
Róbert Szabó
Contributor
October 21, 2021

Hello @Kalin U ,

I'm sorry but I don't have any new information on this. I couldn’t get it to work at the time, but I haven’t looked at whether there’s any progress in that area since.

But if you find new information then please share it, I am interested :)

Robert

Like Kalin U likes this
Reply
3 votes
Darryl Lee
Darryl Lee
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 2, 2022

I know I'm necroposting, but I was excited to find this, and thought it *might* be useful:

If your IdP is properly syncing with Access (mine is not yet :-(, then you should be able to use the User Management REST API  to find Job Title and Department, which are the only attributes that currently can be synced.

I followed the directions to generate an admin API and then tested it thusly:

% curl -s -H "Authorization: Bearer YOURAPIKEY" https://api.atlassian.com/users/ACCOUNTID_YOU_WANT_TO_LOOKUP/manage/profile | jq .

Which returned:

{
    "account": {
    "account_id": "ACCOUNTID_YOU_WANT_TO_LOOKUP",
    "name": "John Doe",
    "nickname": "jdoe",
    "email": "jdoe@somecompany.com",
    "picture": "https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net/default-avatar.png",
    "characteristics": {
    "not_mentionable": null
    },
    "account_type": "atlassian",
    "account_status": "active",
    "email_verified": true,
    "privacy_settings": {
        "name": "public",
        "nickname": "public",
        "picture": "collaborator",
        "extended_profile.job_title": "public",
        "extended_profile.department": "collaborator",
        "extended_profile.organization": "collaborator",
        "extended_profile.location": "collaborator",
        "zoneinfo": "collaborator",
        "email": "collaborator",
        "extended_profile.phone_number": "collaborator",
        "extended_profile.team_type": "private"
      }
   }
}

So in theory then, you could create an Automation webhooks call to extract things job_title or department

CAVEAT/WARNING

Admin API keys have read and write capabilities. Now, the Users API can't actually do much with Managed Accounts (maybe set location?), but there's a few other APIs that you probably don't want too many people to access. And since Automation doesn't have a way to hide/obfuscate API keys (in this case it would be in the Header), remember that any other Jira admins (or Project admins for project-based rules) would be able to see the key.

Reply
1 vote
Darryl Lee
Darryl Lee
Contributor
March 2, 2022

I know I'm necroposting, but I was excited to find this, and thought it *might* be useful:

If your IdP is properly syncing with Access (mine is not yet :-(, then you should be able to use the User Management REST API  to find Job Title and Department, which are the only attributes that currently can be synced.

I followed the directions to generate an admin API and then tested it thusly:

% curl -s -H "Authorization: Bearer YOURAPIKEY" https://api.atlassian.com/users/ACCOUNTID_YOU_WANT_TO_LOOKUP/manage/profile | jq .

Which returned:

{
    "account": {
    "account_id": "ACCOUNTID_YOU_WANT_TO_LOOKUP",
    "name": "John Doe",
    "nickname": "jdoe",
    "email": "jdoe@somecompany.com",
    "picture": "https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net/default-avatar.png",
    "characteristics": {
    "not_mentionable": null
    },
    "account_type": "atlassian",
    "account_status": "active",
    "email_verified": true,
    "privacy_settings": {
        "name": "public",
        "nickname": "public",
        "picture": "collaborator",
        "extended_profile.job_title": "public",
        "extended_profile.department": "collaborator",
        "extended_profile.organization": "collaborator",
        "extended_profile.location": "collaborator",
        "zoneinfo": "collaborator",
        "email": "collaborator",
        "extended_profile.phone_number": "collaborator",
        "extended_profile.team_type": "private"
      }
   }
}

So in theory then, you could create an Automation webhooks call to extract things job_title or department

CAVEAT/WARNING

Admin API keys have read and write capabilities. Now, the Users API can't actually do much with Managed Accounts (maybe set location?), but there's a few other APIs that you probably don't want too many people to access. And since Automation doesn't have a way to hide/obfuscate API keys (in this case it would be in the Header), remember that any other Jira admins (or Project admins for project-based rules) would be able to see the key.

View More Comments
atlassian member
atlassian member October 22, 2022

Hi,

Thanks for sharing!

Like
Reply
0 votes
Christian Schneider
Christian Schneider
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 2, 2023

This might be related:

How to show additional information about users on ... - Atlassian Community

Tutorial: Azure Active Directory SSO integration with Atlassian Cloud - Microsoft Entra | Microsoft Learn

 

EDIT:  ... and there is the show stopper: [ACCESS-822] Support more synced attributes for SCIM User Provisioning - Create and track feature requests for Atlassian products.

Reply

Suggest an answer

Log in or Sign up to answer
Atlassian logo
Atlassian Guard
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events

    See all events