Atlassian Cloud provisioning via Okta

As mentioned above, Atlassian Cloud is provisioned via Okta for users. Users do get assigned with the application, but are unable to access Jira or Confluence, until we manually enable the toggle "Has access to site" for Jira & Confluence under User Management >> <username>

As mentioned above, we need to know how you have set up Atlassian Access to work with Okta.

@Nic Brough -Adaptavist- Okta-Atlassian is connected with the API integration using the API token.

Yes, that's a way to do it, but please could you explain how Atlassian Access is set up with your Okta?

@Nic Brough -Adaptavist- In Okta groups have been assigned applications like Atlassian Cloud. The users are added to respective groups and this is how the application gets provisioned to the user.

How have you set that up in Atlassian Access?

@Nic Brough -Adaptavist- I am not sure about this. Do you mean we need to create Groups with similar names (as in Okta) in Atlassian as well?

That's what I'm asking you - how are you provisioning the groups and users from Okta through Atlassian access?

@Nic Brough -Adaptavist- we have created groups only only in Okta and assigned Atlassian Cloud application to these groups. There are no corresponding groups in Atlassian. There are only default access groups in Atlassian. I have attached a screen shot for your reference:

But how are you connecting Okta to Atlassian Access? 

Sorry, I'm being a bit "broken record" on this, but it seems like you are missing something.  The only way to use Okta as a user directory for Atlassian Cloud is to connect it though Atlassian Access.  

@Nic Brough -Adaptavist- does Okta need to be in the "Connected apps" list:

@Nic Brough -Adaptavist- my apologies for being naïve, but I am a Admin who is also learning on the go and this integration was already implemented before I took over.

No, Okta needs to be connected to Atlassian Access.

This is what I see in the Integration tab for Atlassian Cloud in Okta:

Under the Sign On page, sign on method is SAML 2.0 - Default Relay State

@Nic Brough -Adaptavist- "Okta needs to be connected to Atlassian Access" - does that mean I need to integrate Okta with another application called Atlassian Access instead of Atlassian Cloud?

Yes.

Cloud has three options for user accounts - it can do them with Atlassian Accounts (like the one you are using to post here), or with Google Accounts, or with Atlassian Access.  

Atlassian and Google accounts can be made to work with Okta's SSO, but it's not a direct link into cloud and Okta does not provide the Atlassian or Google account to Atlassian Cloud.

Atlassian Access does take the accounts from Okta (it has lots of other options as well - Active directory, LDAP, etc),

So if you want to "provision" your Cloud accounts from Okta, you have to do it via Atlassian Access.

@Nic Brough -Adaptavist- thanks for your help. I will check this out.