Currently we use Azure user provisioning on one Azure Application where we link all groups we want to publish to atlassian.
The problem with this solution is we want to deactivate some accounts on atlassian without lost all permission in azure groups. (Permission require validation from many responsible).
PS: We don't have issue to deactivate a product to a user as Confluence, Jira; because from user right we build the group that grant access to a product (home made tool on Azure)). But now we want to deactivate atlassian account also to save license on Access (for people doesn't use it).
Current architecture we can't disable a account without removing all permissions, we want to use Azure Application to manage all users and we create the own tool that use SCIM API to manage groups (also that remove the requirement to add groups to azure application (because we can't sync all Azure groups)).
My question:
- When we switch from Azure provisioning users/groups to user only, we will lost current groups ?
- Any issue regarding to have two user provisioning: Azure for user and Home made tool for groups ?
Thanks
