Set up Google Workspace

We’re currently rolling out changes that affect the content on this page. From your organization at admin.atlassian.com, if the Users list and Groups list are under the Directory tab, you have the improved user management experience. We’ll note changes for the improved experience in the content below.

A diagram of an new admin.atlassian.com view that shows a new Directory tab instead of Users and Groups

Note this difference if you have the improved user management experience: any references to “organization’s site(s)” in this section are now “organization”.

You can now find Google Workspace in the same place you manage any identity provider. To find it, go to Security > Identity providers. Learn more about identity providers

When you’ve connected to Google Workspace, any updates you make to user accounts in Google Workspace sync to those accounts in your organization’s site(s), overwriting any changes made to the Atlassian account.

Because we automatically verify the domains of your Google Workspace account, you’ll be able to manage account details for users on your domains that don’t sync from Google Workspace.

We let users know that your organization manages their accounts in two places:

  1. Notifications – Users receive updates from within the product.

  2. Profile and visibility page – Users manage personal account information.

Learn about managed accounts and domain verification

Manage your users at the organization level

You’ll need to be an organization admin to access organization-level tasks like:

  • provisioning user groups

  • syncing all users to a new group or sync specific groups to your organization

  • enabling and disabling automatic syncing

If you’re not an organization admin and you’d like to continue administering Google Workspace, please reach out to an organization admin to become one.

Sync settings for Google Workspace

Before you sync your Google Workspace, you’ll need to set up your sync settings. These settings will appear on the Setup page.

We offer a subscription to Atlassian Access with all the Google Workspace settings to better manage users and security. We also offer a free version of Google Workspace with fewer settings.

Here’s a breakdown of the different settings:

 

Settings

Without Atlassian Access

With Atlassian Access

Description

Description

Update sync status

 

Enable and disable syncing

 

Enable and disable syncing

Select users to sync

Sync all users from Google Workspace to one group in your organization

Sync specific groups with their users from Google Workspace to your organization

Deactivate accounts

When you suspend, archive, or delete accounts in your Google Workspace, you need to deactivate the account manually in your organization

Automatically deactivate accounts in your organization that you suspend, archive, or delete in your Google Workspace

Personalize email invites

Add a personal message in an email to new users

Add a personal message in an email to new users

User login

Users have a choice about how they log in, either with Google or with Atlassian

Require synced users to log in only with Google

Disconnect Google Workspace account

When you disconnect, we don't save any of your Google Workspace settings. You can start syncing your users again by setting up another connection to Google Workspace.

When you disconnect, we don't save any of your Google Workspace settings. You can start syncing your users again by setting up another connection to Google Workspace

User syncing

The Google Workspace syncing process is a one-way sync. Any changes you make to Google Workspace will be reflected in Atlassian. Organization admins grant product access to a synced group or groups.

To choose how to sync:

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Navigate to Security > Identity providers and select your Google Workspace directory.

  3. Select Sync all

  • To sync all existing and future users to a new group of Google Workspace users. Here’s an example of syncing all groups from your Google Workspace to your organization.

 

Users sync from Google Workspace to one group in Atlassian

3. Select Sync specific groups with their users

To sync specific groups with their users, you’ll need a subscription to Atlassian Access.

  • Syncing specific groups with their users is a more convenient form of managing users since you can assign users to a specific group. Here’s an example of syncing specific groups from your Google Workspace to your organization.

Sync specific groups from Google Workspace to Atlassian

Update product access for users

After a sync is complete, you need to give product access to new users.

To grant product access for new users:

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Select Product access in the left nav.
    This step is different if you have the improved user management experience. Select Products, then for the product you want to grant access to, select Manage Access.

  3. Add groups that have new users to products.

Enable and disable sync

You can enable and disable the syncing process at any time.

When you enable sync, your users sync from Google Workspace every 4 hours. When you disable sync, previously synced users maintain product access and your Google authentication setting still applies.

Send email invites with a personal message

When we create Atlassian accounts for new users during a sync, we automatically email them Atlassian account, product access, and login details. You can choose to add a personal message to the email with special instructions.

Deactivate accounts

To automatically deactivate accounts, you’ll need a subscription to Atlassian Access.

When you suspend, archive, or delete accounts in your Google Workspace, we automatically deactivate those accounts in your organization.

User login

To require users to log in with Google, you’ll need a subscription to Atlassian Access.

G Suite authentication policies apply when users log in to your Atlassian products with Google. By default, both synced and unsynced users from Google Workspace choose whether to log in with Google or their Atlassian account.

If you opt for requiring users to log in with Google, we’ll share this in the email invite that we send to users with other account information.

Use Google Workspace single sign-on with authentication policies

You can configure your security settings in authentication policies. Authentication policies give you the flexibility to configure multiple security levels for different user sets within your organization. 

Authentication policies also reduce risk by giving you the ability to test different single sign-on configurations on a subset of users before rolling them out to your whole company.

To enforce Google Workspace in an authentication policy:

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Navigate to Security > Identity providers and select your Google Workspace directory.  

  3. From the Google Workspace setup or Google Workspace settings page.

  4. Select Enforce Google login for your users.

  5. Select Edit policies and follow the prompts.

Learn more about editing authentication settings and members. 

Manage groups, users, and product access

You can manage your Google Workspace groups, users, and product access for your organization at any time.

To manage users and product access:

  1. Navigate to your organization at admin.atlassian.com.

  2. Select Sites and Products in the left nav.

  3. Go to either Users or Product access.

To manage groups:

  1. Go to your external Google Workspace to make group changes.

Resolve group conflicts before you sync

Note this difference if you have the improved user management experience: any references to “Atlassian site(s)” in this section are now “Atlassian organization”.

When you set up user provisioning, you may run into the situation where your groups in your Atlassian sites have the same names as groups in your identity provider (IdP).

When you sync, we’ll warn you about duplicate group names between your IdP and your Atlassian sites. You’ll then be able to accept or reject changes to group members before you sync those groups. Learn more about resolve group conflicts when syncing users

 

Additional Help