Configure customer provisioning with an identity provider
You can connect one identity provider and configure single sign-on and/or provisioning for your customers (Jira Service Management) when you subscribe to Atlassian Guard Standard.
The ability to provision Jira Service Management customers is available for people in an early access program (EAP). This feature will be available to everyone soon.
The System for Cross-domain Identity Management (SCIM) can integrate an external user directory with Jira Service Management to provision customers outside your organization. This page describes how to configure SCIM to provision customers for Jira Service Management.
If you plan to provision and sync users or employees in your organization as Jira Service Management customers, do not follow the instructions, because these users use Atlassian accounts. Read about how user provisioning works in your organization
Who can do this? |
はじめる前に
Here’s what you must do before you can provision customers to your Jira Service Management site:
Subscribe to Atlassian Guard Standard from your organization. Understand Atlassian Guard
ご自身が Atlassian 組織の管理者であることを確認します。
Make sure you're a Jira admin or product admin for Jira Service Management.
Add an identity provider directory to your Jira Service Management site. How to add an identity provider
Make sure you're a Jira admin to grant synced customers access to the help center and associated portals.
The instructions on this page only provide steps for configuring customer provisioning in Jira Service Management. Your identity provider may provide setup instructions for what to do from their side. Go to the instructions for Atlassian’s supported identity providers
What is provisioning with SCIM?
We support provisioning using the System for Cross-domain Identity Management (SCIM), and this feature uses the SCIM 2.0 version of the protocol.
Before you set up provisioning, we recommend you:
Create test accounts and groups in your identity provider to prevent existing customers from losing access to your help center and portals.
ID プロバイダーを接続して初めて同期する際は、これらのテスト用のアカウントとグループを使用して、すべてが機能することを確認できます。
セットアップが完了したら、次を実行できます。
Manage users’ email addresses and group membership from your identity provider
Update synced customers and customer organizations to automatically access your help center and associated portals. Note that users and groups will sync to Jira Service Management as customers and organizations
SCIM プロビジョニングによって ID プロバイダーを接続する
After you set up user provisioning, make sure you store the SCIM base URL and API key values. Learn which identity providers we support
To set up customer provisioning:
From your organization at Atlassian Administration, select Apps.
Under Sites and products, select the site you want to configure the provisioning for.
Under Jira Service Management, select Portal-only customers.
Select (more options) > Identity providers.
Select an identity provider directory or create a new one.
Select Set up provisioning and follow the on-screen instructions.
From the Get provisioning credentials page, copy the values for SCIM base URL and SCIM API key.
View API key expiration date.
SCIM 設定を保存します。
In early January of 2025, we automatically set SCIM API keys to expire after one year when you:
set up provisioning
ID プロバイダーのディレクトリの SCIM API キーを再生成する
サポートされるアイデンティティ プロバイダー
Your SCIM setup depends on the identity provider. The Atlassian support team can provide setup instructions for supported identity providers.
Your identity provider may provide setup instructions for what to do from their side.
You’re not able to use your identity provider’s pre-configured Atlassian Cloud applications or apps to configure SCIM for customers. Apps are designed to work with SCIM for Atlassian accounts.
正確な手順や用語は、ID プロバイダーによって異なる場合があります。詳細なガイダンスが必要な場合は、プロバイダーのドキュメントまたはサポート リソースを参照してください。
To integrate a generic or custom application with your chosen identity provider:
選択した ID プロバイダーのアカウントにログインします。
独自のアプリを作成するオプションを探します。
Once inside the application creation area, search for the option to integrate any other application not listed in the app gallery or catalog.
このオプションを選択して、設定プロセスを進めます。
Here are setup instructions for some of the commonly used identity providers:
アイデンティティ プロバイダー | セットアップ手順 |
|---|---|
Okta | |
Auth0 | |
CyberArk (Idaptive) | |
Microsoft Entra ID (formerly known as Azure AD) | |
OneLogin | |
PingFederate |
Configure the portal access for customer organizations
To allow portal access to customers and customer organizations provisioned from your identity provider, you need to add synced customer organizations to the relevant Jira Service Management projects.
To view and manage synced customer organizations on your Jira Service Management site:
Go to Settings ( ) > Products > Jira Service Management > Organizations.
Customer organizations that are provisioned from an identity provider will show Synced under the Source column.
Select the organization name to open the organization detail page that shows all the customers belonging to that organization.
Read more about grouping customers into organizations
To add a customer organization to a Jira Service Management project:
サービス プロジェクトで [カスタマー] に移動します。
[組織の追加] を選択します。
組織の名前を入力してドロップダウンから選択し、新しい組織または既存の組織を追加します。
Select Add.
プロジェクトでカスタマー サービス管理が有効になっている場合は、次の手順に従って組織を追加します。
サービス プロジェクトで [組織] に移動します。
[組織を追加] を選択します。
組織の名前を入力してドロップダウンから選択し、新しい組織または既存の組織を追加します。
Select Add.
この内容はお役に立ちましたか?