How does Azure AD for nested groups work?

We created a custom integration to connect your Microsoft Azure Active Directory (Azure AD) to your Atlassian organization. You can use it to complete the following tasks:

  • Sync users and their details to your Atlassian cloud organization

    • Sync users and groups (flat and nested groups)

    • Flatten nested groups when you sync, which allows you to keep all effective group memberships

  • Verify your domains from Azure AD

  • Configure and enforce SAML single sign-on

You can complete these tasks through a single and easy setup, which doesn’t require SCIM and SAML. Instead, the integration relies on Microsoft Graph APIs for user provisioning, which is automatically set up after you log in with Microsoft to Azure AD.

Support for nested group memberships

When you connect Azure AD to Atlassian and sync your groups, we flatten the nested group structure. When we flatten the nested groups, we keep your group memberships.

Azure AD does not support the flattening of nested groups natively when using the SCIM protocol but other identity providers, like Okta, support it natively. For more information on nested groups and how we handle them go to Learn more about nested groups

For information about limitations, go to Limitations of Azure AD for nested groups


Additional Help