This site requires JavaScript to be enabled
External Customer KB > General > Provision Users to Atlassian Cloud
Provision Users to Atlassian Cloud
Article: KB0011120 Published: 09/21/2021 Last modified: 09/21/2021

This article describes how to configure OneLogin to provision users with Atlassian Cloud.

Prerequisites

Configure SSO for Atlassian Cloud

Enable OneLogin SCIM integration in Atlassian Cloud

The articles below discuss configurations for user provisioning in Atlassian.

User Provisioning

Configure User Provisioning

Enable Atlassian Cloud provisioning in OneLogin

    1. Log in to OneLogin as a Super user or Account Owner and go to Apps > Company Apps > Atlassian Cloud.

    2. On the Configuration tab, connect to the Atlassian Cloud API.

      company apps


        1. Enter your API GUID.

        2. Enter the Atlassian Cloud OAuth Bearer Token that you copied from Atlassian Cloud in the previous task. 

        3. Click Enable.

          If the connection is successful, the API Status icon switches to .

          Note: For more information on how to get your API GUID or SCIM Bearer Token, see Atlassian's Configure User Provisioning documentation.

    3. On the Provisioning tab, enable provisioning and set your admin approval policy.

      1. Select Enable provisioning for Atlassian Cloud.

      2. Select the provisioning actions that require admin approval.

        If you select any of the available actions, an admin must go to Users > Provisioning and manually approve the action every time it occurs.

        Enabling these options is useful, especially before you start provisioning. Once you enable provisioning here, you could trigger provisioning during the course of setup and testing. With this safeguard enabled, a OneLogin administrator can ignore any inadvertent provisioning.

        Once you complete configuration, testing, and provision, you can update the settings to leave action options clear if you want OneLogin to make provisioning updates in Atlassian Cloud without requiring administrative approval.

      3. Select how users that are deleted in OneLogin are handled in Atlassian Cloud.

        Choose between Delete, Suspend, and Do Nothing.

    4. On the Parameters tab, confirm the mapping of Atlassian Cloud attributes to OneLogin attributes.

    5. SAML Attributes

      The following parameters are used for SAML and should not be updated when enabling provisioning. In most cases, they should be left to their default values.

      • First Name
      • Last Name
      • Internal ID
      • NameID
    6. SCIM Attributes

      The following parameters are required to be configured before provisioning users.

      Display Name is used for provisioning. Edit the parameter and set the value type to - Macro - and the value to {firstname} {lastname}

    7. SCIM Username is used for provisioning. Keep the default OneLogin value of Email.

      There are additional Optional Parameters which can also be configured for user provisioning but they are not required.

      company apps

    8. Groups

      Atlassian Access groups provide user access to Atlassian products. Only Access groups can be imported into OneLogin. Traditional Atlassian groups will not be imported into OneLogin.


      1. You must create Access groups via SCIM. Documentation on creating groups via SCIM can be found here.

        Note: Once User Provisioning is enabled in Atlassian Access, OneLogin is the source of truth for your Access Groups. Groups can't be created or edited via the Atlassian Access UI. All further Group creation and editing is controlled in OneLogin. Groups not associated with Access aren't affected by this.

      2. To confirm that provisioning from OneLogin to Atlassian Cloud is working, assign Atlassian Cloud to a OneLogin user and go to Users > Provisioning to approve the provisioning event, if necessary. 

      3. When the user is marked as Provisioned, go to Atlassian Cloud and confirm that the new user has been added.

      company apps

      Note: For more information about how to create groups with SCIM, see Provision Groups via SCIM.


Expand/Collapse Comments
:     
Was this helpful?
YesYesNoNo