Provision and sync users from an identity provider
Make changes in your identity provider to users and groups and sync them to your Atlassian organization.
Set up Google Workspace
Which user management experience do you have?
To check, go to your organization at admin.atlassian.com and select Directory. If the Users and Groups lists are found here, then you are using the centralized user management. Learn more about the centralized user management
We’ll note these changes in the support documentation below.
Original | Centralized |
As a site admin or organization admin, Users is found under Product site.  | As an organization admin, Users is found under Directory tab.  |
You can now find Google Workspace in the same place you manage any identity provider. To find it, go to Security > Identity providers. Learn more about identity providers
When you’ve connected to Google Workspace, any updates you make to user accounts in Google Workspace sync to those accounts in your site or organization, overwriting any changes made to the Atlassian account.
Because we automatically verify the domains of your Google Workspace account, you’ll be able to manage account details for users on your domains that don’t sync from Google Workspace.
We let users know that your organization manages their accounts in two places:
Notifications – Users receive updates from within the product.
Profile and visibility page – Users manage personal account information.
Learn about managed accounts and domain verification
Manage your users at the organization level
You’ll need to be an organization admin to access organization-level tasks like:
provisioning user groups
syncing all users to a new group or sync specific groups to your organization
enabling and disabling automatic syncing
If you’re not an organization admin and you’d like to continue administering Google Workspace, please reach out to an organization admin to become one.
Sync settings for Google Workspace
Before you sync your Google Workspace, you’ll need to set up your sync settings. These settings will appear on the Setup page.
We offer a subscription to Atlassian Access with all the Google Workspace settings to better manage users and security. We also offer a free version of Google Workspace with fewer settings.
Here’s a breakdown of the different settings:
Settings | Without Atlassian Access | With Atlassian Access |
Description | Description | |
Update sync status |
Enable and disable syncing |
Enable and disable syncing |
Select users to sync | Sync all users from Google Workspace to one group in your organization | Sync specific groups with their users from Google Workspace to your organization |
Deactivate accounts | When you suspend, archive, or delete accounts in your Google Workspace, you need to deactivate the account manually in your organization | Automatically deactivate accounts in your organization that you suspend, archive, or delete in your Google Workspace |
Personalize email invites | Add a personal message in an email to new users | Add a personal message in an email to new users |
User login | Users have a choice about how they log in, either with Google or with Atlassian | Require synced users to log in only with Google |
Disconnect Google Workspace account | When you disconnect, we don't save any of your Google Workspace settings. You can start syncing your users again by setting up another connection to Google Workspace. | When you disconnect, we don't save any of your Google Workspace settings. You can start syncing your users again by setting up another connection to Google Workspace |
User syncing
The Google Workspace syncing process is a one-way sync. Any changes you make to Google Workspace will be reflected in Atlassian. Organization admins grant product access to a synced group or groups.
To choose how to sync:
Go to admin.atlassian.com. Select your organization if you have more than one.
Navigate to Security > Identity providers and select your Google Workspace directory.
Select Sync all
To sync all existing and future users to a new group of Google Workspace users. Here’s an example of syncing all groups from your Google Workspace to your organization.
3. Select Sync specific groups with their users
To sync specific groups with their users, you’ll need a subscription to Atlassian Access.
Syncing specific groups with their users is a more convenient form of managing users since you can assign users to a specific group. Here’s an example of syncing specific groups from your Google Workspace to your organization.
Update product access for users
After a sync is complete, you need to give product access to new users.
To grant product access for new users:
Go to admin.atlassian.com. Select your organization if you have more than one.
This step is different depending on your user management experience:
- Original: Select Product access in the left nav.
- Centralized: Select Products, then for the product you want to grant access to, select Manage Access.Add groups that have new users to products.
Enable and disable sync
You can enable and disable the syncing process at any time.
When you enable sync, your users sync from Google Workspace every 4 hours. When you disable sync, previously synced users maintain product access and your Google authentication setting still applies.
Send email invites with a personal message
When we create Atlassian accounts for new users during a sync, we automatically email them Atlassian account, product access, and login details. You can choose to add a personal message to the email with special instructions.
Deactivate accounts
To automatically deactivate accounts, you’ll need a subscription to Atlassian Access.
When you suspend, archive, or delete accounts in your Google Workspace, we automatically deactivate those accounts in your organization.
User login
To require users to log in with Google, you’ll need a subscription to Atlassian Access.
G Suite authentication policies apply when users log in to your Atlassian products with Google. By default, both synced and unsynced users from Google Workspace choose whether to log in with Google or their Atlassian account.
If you opt for requiring users to log in with Google, we’ll share this in the email invite that we send to users with other account information.
Use Google Workspace single sign-on with authentication policies
You can configure your security settings in authentication policies. Authentication policies give you the flexibility to configure multiple security levels for different user sets within your organization.
Authentication policies also reduce risk by giving you the ability to test different single sign-on configurations on a subset of users before rolling them out to your whole company.
To enforce Google Workspace in an authentication policy:
Go to admin.atlassian.com. Select your organization if you have more than one.
Navigate to Security > Identity providers and select your Google Workspace directory.
From the Google Workspace setup or Google Workspace settings page.
Select Enforce Google login for your users.
Select Edit policies and follow the prompts.
Learn more about editing authentication settings and members.
Manage groups, users, and product access
You can manage your Google Workspace groups, users, and product access for your organization at any time.
To manage users and product access:
Navigate to your organization at admin.atlassian.com.
Select Sites and Products in the left nav.
Go to either Users or Product access.
To manage groups:
Go to your external Google Workspace to make group changes.
Resolve group conflicts before you sync
When you set up user provisioning, you may run into the situation where your groups in your Atlassian site or organization have the same names as groups in your identity provider (IdP).
When you sync, we’ll warn you about duplicate group names between your IdP and your Atlassian sites. You’ll then be able to accept or reject changes to group members before you sync those groups. Learn more about resolve group conflicts when syncing users
Was this helpful?