In this section, we explain how to do user provisioning with the AWS app.

There are two patterns for provisioning users with our AWS ALB Authentication app:

  • For individual users, during login

  • Syncing the entire user directory, without authentication

Each pattern, together with the different ways to implement it, is discussed below.

Provisioning individual users with AWS ALB Authentication during login

Two setups are supported:

  1. Create and update users with the claims as sent by the load balancer (Just-In-Time).

  2. During login, connect to the identity provider and sync the user via the REST API of the identity provider.


Provisioning users by synchronizing the directory (without authentication)

Since version 2.0, the AWS ALB Authentication app includes a full User Sync module.

With this module, user accounts can be synchronized from the cloud Identity Provider into the Atlassian application.

There are two main options:

  • Schedule synchronizations at regular intervals

  • Trigger synchronizations manually


To use either of the options above, customers must first create a User Sync connector with their IdP.


Below are the guides to configure User Sync connectors with the Identity Providers that are currently supported:

  • Azure AD

  • Google Cloud Identity

  • Keycloak

  • Okta

  • OneLogin