SAML Single Sign-OnSAML Single Sign-On
Try For Free

Azure AD

Below, you find information to setup Azure AD and our apps. If you our need help or have questions, you can contact us via our helpdesk or book a free screen share session at https://resolution.de/go/calendly.

Step-by-Step Guides

Based on your user provisioning model, pick one of the following step-by-step guides.

In most cases we recommend to use Azure AD with User Sync.

Some important notes:

  • User Sync functionality is currently only available for Jira, Confluence & Bitbucket.



Which Step-by-Step Guide you should pick?

Depending on your Atlassian product, you can choose from different user provisioning models. We recommend using User Sync, since it is easy to setup and maintain


In general, with Azure AD we support the following ways for user provisioning:

  1. User Sync allows to sync users periodically from Azure AD, but also when they log in for the first time into your Atlassian product. See our detailed article for User Sync.

  2. Just in Time Provisioning allows to create and update users on-the-fly when they log in. A drawback for syncing groups from Azure is, that only group ids and no group names are sent.  See our detailed article for JIT.

  3. LDAP synchronisation from Active Directory. Is you instance still synchronised to your Active Directory via LDAP, you can continue to do so. Please follow the "Manual User Management" Guide in this scenario.

  4. For Manual User Management, the administrator has to has to create and update users on Azure and your Atlassian product by hand.
    We do not recommend it. See our article for Manual User Management.


Model/Function

Admin Effort

Pro's and Con's

User Sync


Low

  • Uses Azure API to perform regular sync

  • Users and Groups created & updated shortly after done in Azure AD

  • Users can be disabled

  • Additional attributes can be written to Jira User Properties

Just in Time Provisioning

Low, if no groups

High, with Groups from Azure
(Needs setting it up group transformation rules).

  • Creates & Updates users based on information in the SAML Response during Login

  • Users are only created on their first Login.

  • Users & Groups are updated only during SAML authentication.

  • Users cannot be marked disabled (as Azure will not complete the Authentication for a deleted/disabled User)

  • Azure AD only sends group IDs in SAML messages, not friendly names. This requires the setup of Group Transformation rules or acceptance of cryptic Group names in the Atlassian Application.




Manual User Management

High 

  • Here no sync happens

  • Needs manual maintenance of 2 User bases (or is done via custom developments).




 





This site uses cookies to deliver its service & to analyse traffic. By browsing this site, you accept the privacy policy.

Our Wiki uses cookies

We want to give you the best possible experience on our website. For this we use technically required cookies and, if you agree, cookies for analysis and marketing purposes. You can find more information about the cookies in our Privacy Policy. By tapping ‘Accept All,’ you consent to the use of these methods by us and third parties.

Necessary
Always Active
Analytics
Advertisement
Other