Switch from Azure AD for nested groups to SCIM

When you switch from Azure AD for nested groups to SCIM, you replace one identity provider option with another. You need to do this because you’re unable to use both options at the same time.

When you switch from Azure AD for nested groups to SCIM user provisioning, you retain product access for users and groups. We remove domains you synced or accounts you claimed from the domain. The amount of time it takes to complete the switch depends on the number of groups in your organization.

These are the steps you take to make the switch:

  1. Delete SAML (if you set it up)

  2. Disconnect your Microsoft account

  3. Disconnect identity provider Azure AD for nested groups

You’re not required to verify domains and claim accounts when you switch to the SCIM option for Microsoft Azure. We recommend you verify at least one domain for the users you’d like to manage. When your users become managed accounts, you can apply single sign-on.

Delete and disconnect Azure AD for nested groups

To remove Azure AD for nested groups:

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Select Security > Identity providers.

  3. Select your Identity provider Directory.

  4. Select Delete SAML.

  5. Select Disconnect Microsoft account.

  6. Select Disconnect identity provider.

To see instructions for steps 4-6, go to:

Connect Microsoft Azure AD SCIM

After you’re done with steps 1-3, you can switch to the SCIM option for Microsoft Azure AD.

  1. Delete SAML (if you set it up)

  2. Disconnect your Microsoft account

  3. Disconnect identity provider Azure AD for nested groups

These are the steps you take to connect Microsoft Azure AD SCIM:

  1. Verify domains and claim accounts to set up SAML

  2. Add and name your Microsoft Azure AD directory

  3. Connect Microsoft Azure AD for SCIM to your Atlassian organization

Configure SCIM user provisioning in your Azure AD

To configure SCIM user provisioning:

  1. Regenerate the API key for your directory.

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Identity providers.

    3. Select your Identity provider Directory.

    4. Select Set up user provisioning.

    5. Copy the values for SCIM base URL and API key.

    6. Save your SCIM configuration.

  2. Update the API key in Azure AD and restart user provisioning:

    1. In the Microsoft Azure platform that you used for SCIM user provisioning.

    2. Update the API key.

    3. Select Restart provisioning.

configure SCIM for Microsoft Azure


Learn more about how to configure user provisioning for Azure AD

    Still need help?

    The Atlassian Community is here for you.