How to sync the manager attribute into Atlassian Home with Okta

This page assumes you have read this guide on syncing the manager attribute with Atlassian Home. This step is a prerequisite for syncing the manager attribute with Okta.

Atlassian determines the manager of a user by taking the value received for the manager field (manager) and looking up a match by either email (if the value was an email) or user id (if the value was an id). Think of the manager value as a reference to another person.

If you have stored the manager information in Azure AD using its native manager field, Azure AD will send us the value as the manager ID, so you don’t need to worry about this. If you’re storing the manager value in a custom field, you need to ensure that the value is either the email or the ID of the manager.

For example, here is a simple reporting line consisting of three people, where the top manager (the right-most person) doesn't have the manager set. This is usually the case with the company's Founders, CEOs, etc.

In this case, the reference is made via the email value (notice the values for the manager field in the blue boxes and how they refer to the person's manager).

Diagram showing users attributed by email.

And here is the same example but with the references made via the user IDs (notice the values for the manager field in the blue boxes and how they refer to the person's manager).

Diagram showing managers attributed by ID

Step 1: Create the new field

In Okta, create a new field for the Atlassian application.

This step will define the structure of the field we receive at Atlassian when a new user is created/updated, so it’s important to ensure that you follow the correct schema definition:

Namespace

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

External name

manager.value

IT IS IMPORTANT to ensure that the external name and namespace are defined exactly as described above (as specified by the SCIM specification in RFC 7643 section 4.3). Anything else won't be recognized by Atlassian’s Cloud API and will be discarded.

To start, go to the Atlassian application and select “Go to profile Editor” under the “Provisioning” tab:

Atlassian Cloud in Okta, showing the provisioning tab.

In the profile editor, select “add attribute” and configure it as defined below:

Okta's add attribute modal with inputs listed below this image.

Add Attribute modal inputs from image above:

  1. Data type: string

  2. Display name: Manager

  3. Variable name: managerValue

  4. External name: manager.value

  5. External namespace: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

  6. Description: Manager ID or Email

  7. Enum: unchecked

  8. Attribute length: Between min and max

  9. Attribute required: unchecked

  10. Scope: unchecked


Step 2: Map Okta’s attribute to the newly created field

Map the newly created field to the internal Okta field that contains the manager value. The value we expect to receive is a string containing either the email or the internal user-id of the user’s manager.

  1. Go back to the “Provisioning” tab of the Atlassian Cloud application.

  2. Scroll to the bottom of the page and select “Show Unmapped Attributes”.

  3. Find the new “Manager” attribute created in the previous step and select the edit button.

  4. Under “Attribute value”, select “Map From Okta Profile” and then select the correct field in Okta that has the manager’s email or ID.

  5. To keep it in sync, make sure “Create and update” is checked to send updates to Atlassian when the user is created or updated.

Okta's edit modal for the manager attribute

Step 3: Re-sync your users

Re-sync your user base once the mapping is complete and you’re ready to send the new information to Atlassian.


Step 4: Confirming the sync

You can check the progress of the sync by visiting admin.atlassian.com and navigating to “Security → Identity Providers → Your Okta Directory”, and checking the “User provisioning” info.

A user profile in Atlassian showing the "Works with" section

Once the sync is complete, visit a user profile in Atlas, Jira, or Confluence to see the new section for “Reporting lines”, which shows the user’s manager and direct reports or peers.

 


Troubleshooting

I still don’t see the reporting line after following all the steps

We are currently investigating a behavior that requires emails to be case sensitive before they can be added. If you are experiencing trouble with the manager attribute, you may be able to resolve it by changing emails to all lowercase text. We apologize for the inconvenience this may cause.

Ensure that there are no typos in the manager field created in Step 1. The namespace should be urn:ietf:params:scim:schemas:extension:enterprise:2.0:User and the external name manager.value.

Also, confirm that your Okta users have a manager attribute that is either the email or the user id of their manager and that you have mapped this attribute to the newly created field as described in Step 2.

You might also have to re-sync all users and ensure that the users were indeed resynced to Atlassian by looking at Okta’s logs.

There is a “missing profile” in the reporting line

Typically, one person in the organization has no manager (e.g., the CEO). It is important to ensure that this person's manager field is empty and has no value set on it in Okta to prevent the missing profile error (shown below).

Reporting line chart showing a "Missing Profile"
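
The checks in this troubleshooting section can be run before a re-sync. The following is an added example, not part of Atlassian's or Okta's documentation: it reads manager.value from SCIM-shaped user records (constructed sample data) and reports references that would not resolve by email or ID. It assumes userName holds the user's email and id the directory user ID; all function names are hypothetical.

```python
# Added example: pre-sync check of manager references (constructed data).
ENTERPRISE_NS = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

def manager_ref(user):
    """Return manager.value from the enterprise extension, or None if unset."""
    manager = (user.get(ENTERPRISE_NS) or {}).get("manager") or {}
    return manager.get("value") or None

def check_manager_refs(users):
    """Return (userName, problem) pairs for references that may not resolve."""
    ids = {u["id"] for u in users}
    emails = {u["userName"] for u in users}  # assumption: userName is the email
    lowered = {e.lower() for e in emails}
    problems = []
    for u in users:
        ref = manager_ref(u)
        if ref is None:
            continue  # no manager set: expected at the top of the reporting line
        if "@" in ref:  # treated as an email reference
            if ref in emails:
                if ref != ref.lower():
                    problems.append((u["userName"], "email is not all lowercase"))
            elif ref.lower() in lowered:
                problems.append((u["userName"], "email differs only by letter case"))
            else:
                problems.append((u["userName"], "no user with this email"))
        elif ref not in ids:  # treated as a user ID reference
            problems.append((u["userName"], "no user with this id"))
    return problems

def top_of_line(users):
    """Users with no manager value; normally only the CEO or founders."""
    return [u["userName"] for u in users if manager_ref(u) is None]

def scim_user(uid, email, manager=None):
    """Build a constructed SCIM-shaped record; manager goes under manager.value."""
    user = {"id": uid, "userName": email}
    if manager is not None:
        user[ENTERPRISE_NS] = {"manager": {"value": manager}}
    return user

SAMPLE = [  # constructed records, not real accounts
    scim_user("u-001", "ceo@example.com"),
    scim_user("u-002", "vp@example.com", "ceo@example.com"),
    scim_user("u-003", "dev@example.com", "u-002"),
    scim_user("u-004", "ops@example.com", "VP@example.com"),
    scim_user("u-005", "new@example.com", "gone@example.com"),
    scim_user("u-006", "cfo@example.com", "N/A"),
]
```

A placeholder such as "N/A" in the manager field is reported as an unresolved ID, which is the situation that produces a "missing profile" in the reporting line.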

Still having problems after following the steps above?

Contact us through the “give feedback” button in the navigation bar of Atlassian Home, and we’ll assist you.
