Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Assign product access automatically with Azure User Provisioning

Matthew_Bonanno
Matthew_Bonanno December 10, 2024

Hi all,

We just implemented user provisioning via Azure AD. I created a test account and performed a Provision on demand. The user was created in the Directory Users, however he was not allocated the Product Access required. We have an enterprise application called Atlassian SSO, which links the user provisioning. I also added the Group product access under the Atlassian SSO, but no luck.

 

Any help would be appreciated!

Answer
Watch
Like Be the first to like this
222 views

1 answer

0 votes
Kieren _SmolSoftware_
Kieren _SmolSoftware_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 10, 2024

Hi @Matthew_Bonanno 

Are you on Cloud or DC?

View More Comments
Matthew_Bonanno
Matthew_Bonanno December 11, 2024

Hi Kieran, we are on Cloud.

Like
Kieren _SmolSoftware_
Kieren _SmolSoftware_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 11, 2024

Hey @Matthew_Bonanno 

I think you have three options:

1. Choose some of the sync’d groups that you’ve created in the Atlassian Directory, and assign them product access to the products you want. The pro of this is you’re maintaining product access directly from your sync’d groups. The cons are; you’ll need to monitor for any new groups that are created with new users in them from Azure AD, and grant those groups access as will. And you’ll need to ensure all these groups are granted access to your various Jira projects, and Jira global permissions. It can be a fair bit of work to keep ontop of.

2. You manually add the users to the jira-users-siteName group, after they’ve been sync’d. This group is already set up with all the correct default project and global Jira permissions. This can also be a lot of work if you have new users joining and existing users needing to be removed. You could try writing a script using the Jira and Organization APIs to do this for you faster.

3. You install a marketplace app like Admin Automations to keep particular AD groups in sync with the default Atlassian groups. It’s the same solution as #2, but it’s automated.


It really comes down to how complex your project settings and global permissions are.

I hope that helps!

-Kieren

Co-Founder @ Admin Automations | Ex-Atlassian

Like
Matthew_Bonanno
Matthew_Bonanno December 11, 2024

All users who are given the Atlassian SSO group are created in Atlassian, however they don't receive an invite since they don't have any product access. I assumed that if the Atlassian SSO group from Microsoft is syncing into Atlassian, they would get the product access from the Atlassian SSO group in Atlassian.

Like
Kieren _SmolSoftware_
Kieren _SmolSoftware_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 12, 2024

They could, absolutely. That’s the same as option 1. If it’s just one group that has all the users you want to grant access to, then just apply product access to that one group.

But make sure you include that group in any project or global permissions you need to use.

Instead of getting an invite, you should just include the Jira/Confluence URL in your staff onboarding training. There’s no way to automatically create invites for users added via SCIM.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.