No domain to select or validate when using manual SCIM provisionning with Entra ?

Fares
Contributor
October 1, 2024

Hello,

When trying to set-up connection to our identity provider (Entra), we are given a choice for provisionning users : manual using SCIM and automatic without SCIM.

When picking manual with SCIM, the dropdown to select a domain is empty and the domain is not validated at the end of the process.

The provisioning still works afterwards, with users from Entra being created in Atlassian, but without a validated domain, I can't look at the managed accounts (it asks to link a domain), or set up an authentification policy (it also asks to link a domain), and clicking on "Verify domain" just takes me back to the identity provider setup that is already done. And attempting to use "Link domain" on the member directory shows an empty dropdown.

So the directory shows asynced group, shows that an authentification policy exists (but clicking on it does not work) and shows no linked domain :

fE8NjVC

I feel like I must be missing something but can't figure out what and no online documentation seems to address this.

Thank you very much.

 

2 answers

1 vote
Monika Rani
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 3, 2024

Welcome to the Atlassian Community @Fares Turki you should remove the Directory and the IdP and then start again. This is the only solution right now as suggested by @Hector Menchaca 

Fares
Contributor
October 4, 2024

Thank you Monika, I tried again but as long as I use the manual provisioning, I always end up in this situation.

I had a quick chat with support and it seems it's normal and I have to verify the domain using another method when doing manual provisionnin.

It's not clear why and the UX does not communicate that at all.

1 vote
Hector Menchaca
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 3, 2024

Hello @Fares Turki ,

Welcome to the Atlassian Community!

Have you tried to remove the Identity Provider/Directory and start again the integration?

Yeah - it looks like what you are missing is the most pivotal step of everything that is "verify the domain", so not sure how it let you do that.

Try to remove the Directory and the IdP and then start again.

Thanks!

Fares
Contributor
October 4, 2024

It turns out that this is intended behaviour and when using the SCIM, you have to verify the domain some other way, you can't verify the domain through the IdP.

It's not clear to me why but it's the way it is.

Like Steffen Opel _Utoolity_ likes this

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events