Atlassian

User and group management

The Atlassian Cloud Provisioner links users and groups from the datastore to Atlassian Cloud. The behavior of each provisioning capability is described below.

Synchronizing existing users

By default, the provisioning connector synchronizes based on the userName attribute in Atlassian Cloud. You can change the default mapping in Creating a provisioning connection. For example:

  • In Atlassian Cloud, Janet’s userName is jsmith.

  • In your datastore, Janet’s sAMAccountName is jsmith.

  • On the Attribute Mapping tab of your PingFederate channel configuration, you map the userName attribute to sAMAccountName.

  • When the provisioning connector runs, the datastore user is provisioned with a userName of jsmith. That matches Janet’s existing userName in Atlassian Cloud, so her information in the datastore is synchronized to her Atlassian Cloud account.

User provisioning

Triggered by either of the following:

  • A user is added to the datastore group or filter targeted by the provisioning connector.

  • A user with "disabled" status is added to the datastore group or filter targeted by the provisioning connector, and the Provision disabled users provisioning option is enabled.

The target is determined by the Source Location tab in the provisioning connector configuration.

User updates

Triggered when a change occurs to a user attribute that is mapped in the provisioning connector configuration, such as an attribute change or the user being re-enabled from a disabled status.

User deprovisioning

Triggered by any of the following:

  • A user is deleted from the user store.

  • A user is disabled in the user store.

  • A user is removed from the datastore group or filter targeted by the provisioning connector.

The Remove User Action setting in the connection configuration determines whether the deprovisioning action disables or deletes the user.

Synchronizing existing groups

The provisioning connector synchronizes groups from the datastore to Atlassian Cloud based on the group name. For example:

  • In Atlassian Cloud, there is a group is named Accounting.

  • In your data store, there is a group with a CN of Accounting.

  • When the provisioning connector runs, the two groups are synchronized.

Group provisioning

Triggered when a group is added to the datastore filter that the provisioning connector targets.

The target is determined by the Source Location tab in the provisioning connector configuration.

Group name updates

Renaming the group in the datastore triggers PingFederate to rename the group in Atlassian Cloud.

Group membership updates

Changing group memberships through the group’s properties or a user’s properties triggers PingFederate to update the group membership in Atlassian Cloud.

Group memberships in the datastore overwrite the group memberships in Atlassian Cloud.

Group deletion

Triggered by any of the following:

  • Deleting the group in the datastore will trigger PingFederate to delete the group in Atlassian Cloud. Group deletions are permanent and cannot be undone.

  • The group is removed from the datastore group or filter targeted by the provisioning connector.