robotsnoindex


Provisioning is available for all Atlassian accounts, which means that you can create, update, and deactivate accounts from your identity provider. Syncing groups is only currently available for Jira products and Confluence and not yet available for Bitbucket.

robotsnoindex

Viewing the right content?

From your organization at admin.atlassian.com, if the Users list and Groups list are under the Directory tab, view the improved user management content.


User provisioning integrates an external user directory with your Atlassian organization. This page describes how to configure user provisioning for your identity provider. For the operations that user provisioning supports, see User provisioning features for more details.

After you configure user provisioning, you manage all user attributes and group memberships from your identity provider.

Prerequisites

There are a couple of things you need to do before you can provision external users into your sites and products:

  1. Get the user provisioning functionality for your identity provider.
  2. Make sure you're an admin for the Atlassian organization. See Organization administration.
  3. Verify one or more or your domains in your organization. See Domain verification.
  4. Subscribe to Atlassian Access from your organization. See Atlassian Access security policies and features.
  5. Make sure you're an admin for at least one Jira or Confluence site that you want to grant synced users access to.

The instructions on this page only provide steps for configuring user provisioning in your Atlassian organization. Your identity provider may provide more setup instructions for what do from their side.

Create a SCIM token

  1. robotsnoindex
    robotsnoindex

    From your organization at admin.atlassian.com,

     click Directory and then User provisioning.

  2. Click Create a directory.
  3. Enter a name to identify the user directory, for example Okta users, then click Create.
  4. Copy the values for Directory base URL and API key. You'll need those for your identity provider configuration later.

    Make sure you store these values in a safe place, as we won't show them to you again.



  5. You'll now add Jira or Confluence sites to your organization so that provisioned users can be granted access to the products. See the user provisioning page for more details about why you want to add a site to your organization.
    From the User provisioning page, click 
    Add a site, select the site you want to add (e.g. example.atlassian.net), and follow the on-screen instructions.


Configure product access for the provisioned groups and users

To grant product access to any newly provisioned users, set up product access for existing groups.

  1. From the site (example.atlassian.net) you added in the previous step, go to Product access and find the Confluence section.
  2. Click Add group and select or enter the name of the synchronized group.
  3. Click Add groups to finish giving the group product access.
    You'll see a success flag that confirms the group is configured for product access. To learn more about configuring product access, see Update product access settings.



    Do not make a synced group from your identity provider a default group. This may cause collisions when attempting to add users to the product that are not managed via SCIM.

robotsnoindex

Improved user management experience

User provisioning integrates an external user directory with your Atlassian organization. This page describes how to configure user provisioning for your identity provider. For the operations that user provisioning supports, see User provisioning features for more details.

After you configure user provisioning, you manage all user attributes and group memberships from your identity provider.

Prerequisites

There are a couple of things you need to do before you can provision external users into your organization and products:

  1. Get the user provisioning functionality for your identity provider.
  2. Make sure you're an admin for the Atlassian organization. See Organization administration.
  3. Verify one or more or your domains in your organization. See Domain verification.
  4. Subscribe to Atlassian Access from your organization. See Atlassian Access security policies and features.

Create a SCIM token

  1. robotsnoindex
    robotsnoindex

    From your organization at admin.atlassian.com,

     select Settings and then User provisioning.

  2. Select Create a directory.
  3. Enter a name to identify the user directory, for example Okta users, then select Create.
  4. Copy the values for Directory base URL and API key. You'll need those for your identity provider configuration later.

    Make sure you store these values in a safe place, as we won't show them to you again.

Users and groups will automatically be provisioned to your organization. See the user provisioning page for more details on how your users and groups sync to your organization.

Configure product access for the provisioned groups and users

To grant product access to any newly provisioned users, select Edit product access and set up product access for existing groups. To learn more about configuring product access, see Update product access settings.

Do not make a synced group from your identity provider a default group. This may cause errors when attempting to add users to the product that are not managed via SCIM.