Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

User Provisioning and adding to a group with a SCIM-incompatible identity provider (Keycloak)

Dylan Pokun September 29, 2020


This issue is quite tricky, so I'll try to keep it short and to the point. 

The client's identity provider is Keycloak, which isn't compatible with SCIM. However, user approbation can be automated and SAML-SSO is ok, which is great.

I'm trying to find a way to automatically add the newly self-added-user to a group.

The only thing I can think of is "sending a custom SAML attribute to Atlassian Access containing the user's group from Keycloak", then "somehow retrieve said attribute and add user to the right group, maybe with some ScriptRunner?".

Trouble is, I'm not even sure it's possible, or if there could be a better way to do things.

From what I said: are you inspired with a solution ?

Thank you very much in advance for any kind of help,


1 answer

Suggest an answer

Log in or Sign up to answer
0 votes
Ashwini_More _miniOrange August 1, 2023

Hi @Dylan Pokun

You can use miniOrange SCIM App for automating the group permissions from Keycloak. The app provides support to use Keycloak to sync users and groups. 

You can try out the plugin from Atlassian Marketplace by clicking here and you can refer to this documentation to set up:

You can also reach out to us  for a demo and support by clicking here:

ps: I work for miniOrange, one of the top SSO vendors in Atlassian Marketplace.


AUG Leaders

Atlassian Community Events