Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Delay in user provisioning

Jon Crosby May 7, 2020

I'm not sure if this is an Atlassian Access issue or not, but the gist of our issue is that we have integrated the provisioning API to our app to which a user clicks a button, we provision their account and add them to appropriate security groups.  They then navigate to our SSO login and then experience:

1. Delay in the ability to login thru our SSO (shortest delay)

2. Inability to see any associated Projects or Spaces the groups they are in have rights to

3. Ability to see 'some' of the Spaces/Projects their group has access to and then ability to see the rest several minutes later.  

The delay is creating a bit of a support bottleneck as there is nothing wrong with their setup, their rights just do not seem to be propagating across the Atlassian cloud faster then when they get there. 

1 answer

Suggest an answer

Log in or Sign up to answer
0 votes
Vlad Svidersky
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 18, 2020

Hi Jon,

I'm a team lead on the team responsible for IdP SCIM integration. Some short delay is expected when user is provisioned and getting propagated throughout all Atlassian systems. But it's usually relatively short. 

Can you provide a bit more details on your integration process - who is your IdP? How many users roughly you have provisioned via SCIM interface. Has initial provisioning completed and we're talking about individual user update going forward or is it something else? 

From you description, it sounds like JIT provisioning for users belonging to the same domain, but I could be wrong here. 

I would appreciate any details on the process so we can better assist you. 

-

Vlad

Identity, Atlassian

Jon Crosby May 27, 2020

Hi @Vlad Svidersky , thank you for the response and apologies for the delay getting back to you.  We are using Auth0 as our IdP currently.  We have provisioned a few hundred users at this point and yes I'm referring to single users provisioned one at a time as they sign up for our platform.  We basically make 2 calls at once as soon they 'trigger' the workflow.  We create a user (POST on the Users end point) and then add them to a security group (PATCH on the Groups/GroupID endpoint.  

The delay is really only at most 5 minutes probably but for our user experience, they are basically going from our platform directly over to Atlassian and either not able to login or they login and don't have the group rights yet.  One question I have is do they need to have a successful login before the Group security right is provisioned or does that happen as soon as they user account provisioning happens whether they login or not?  

We will likely just add some language to the sign up process that tells them that they will have to wait or try again if they cannot login, but was just checking to see if maybe we had some setting on the cloud side that synced things faster.  It's ok if not, but just checking all options at this point. 

Thanks again! 

Vlad Svidersky
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 28, 2020

@Jon Crosby thank you for additional details. From our point of view - when you're provisioning a new user - login should work almost immediately. There could be potentially some delay (few minutes) with access to various products - since all group membership needs to be propagated through Atlassian internal systems.

As for your last question - I don't believe user needs to have a successful login before 

If you want to troubleshoot it further - feel free to create a support ticket and we will look into it. 

DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events