How does Azure AD for nested groups work?

We created a custom integration to connect your Microsoft Azure Active Directory (Azure AD) to your Atlassian organization. You can use it to complete the following tasks:

  • Sync users and their details to your Atlassian cloud organization

    • Sync users and groups (flat and nested groups)

    • Flatten nested groups when you sync, which allows you to keep all effective group memberships

  • Verify your domains from Azure AD

  • Configure and enforce SAML single sign-on

You can complete these tasks through a single, easy setup that doesn’t require SCIM and SAML. Instead, the integration relies on Microsoft Graph APIs for user provisioning, which is set up automatically after you log in to Azure AD with Microsoft.

Support for nested group memberships

When you connect Azure AD to Atlassian and sync your groups, we flatten the nested group structure. When we flatten the nested groups, we keep your group memberships.

Azure AD does not natively support the flattening of nested groups when using the SCIM protocol, but other identity providers, like Okta, support it natively. For more information on nested groups and how we handle them, go to Learn more about nested groups.

For information about limitations, go to Limitations of Azure AD for nested groups.
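What flattening means for effective membership, shown as an added example that is not Atlassian's or Microsoft's code: it walks a constructed nested-group map, returns each group's flat user list, and tolerates circular nesting. The `g:`/`u:` prefixes, the group names and the function names are assumptions made for illustration.

```python
# Constructed sample directory: group -> direct members.
# "g:" marks a group and "u:" marks a user (hypothetical naming convention).
DIRECT_MEMBERS = {
    "g:engineering": ["g:backend", "g:frontend", "u:alice"],
    "g:backend": ["u:bob", "g:sre"],
    "g:frontend": ["u:carol"],
    "g:sre": ["u:dave", "g:backend"],  # circular nesting: sre <-> backend
    "g:contractors": [],
}


def flatten_group(group, direct_members):
    """Return the set of users who are effective members of `group`."""
    users = set()
    seen = set()          # groups already expanded, so cycles terminate
    stack = [group]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        for member in direct_members.get(current, []):
            if member.startswith("g:"):
                stack.append(member)   # nested group: expand it later
            else:
                users.add(member)      # user: part of the flat membership
    return users


def flatten_all(direct_members):
    """Flat, sorted user list for every group in the directory."""
    return {g: sorted(flatten_group(g, direct_members)) for g in direct_members}


def inherited_only(group, direct_members):
    """Users who belong to `group` only through nesting, not directly.

    These are the memberships an access review tends to miss, because they
    are not visible on the group's own member list before flattening.
    """
    direct = {m for m in direct_members.get(group, []) if m.startswith("u:")}
    return sorted(flatten_group(group, direct_members) - direct)


if __name__ == "__main__":
    for name, members in flatten_all(DIRECT_MEMBERS).items():
        print(name, members)
    print("inherited only:", inherited_only("g:engineering", DIRECT_MEMBERS))
```

Running `inherited_only` against each group that grants product access shows which users hold that access purely because of a parent-child group relationship.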



 
