Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
Provisioning with User Sync
User Sync is a feature of our SAML SSO plugin.
It allows to (periodically) sync users from Azure AD, Okta, GSuite, OneLogin and Keycloak to your Atlassian product instance.
It also provides functions similar to LDAP and can be used if LDAP is not an option for you.
In particular, User Sync is often used to deprovision users and cleanup inactive users, with strong implications in terms of license savings.
Advantages
- Similar advantages than LDAP
- User Sync has even more advanced functionality:
- Allows for group transformations. If you have a group at your IdP, but you want to rename it for your Atlassian product, User Sync can do this. E.g. a group called "users" on the Idp side can be transferred to "jira-users" for Jira.
- Assign local groups automatically. E.g. for a Confluence instance, assign "confluence-users" automatically.
- Black/White listing. Block certain groups from being synced or only allow special groups to be synced.
- Use a Cron expression for scheduling a sync.
- Choose between different cleanup behaviors when a synced user is not found in the IdP anymore
Disadvantages
- In contrast to LDAP, users can not log in with their local password. No passwords will be synced and there is no mechanism for User Sync to ask the IdP to validate the user.
- It is currently only available for Jira, Confluence, BitBucket and Bamboo. Additionally, only Azure AD, Okta, GSuite, OneLogin and Keycloak are supported as of the time of writing. However, custom connectors can be built with any cloud IdPs. Please reach out to us if you have problems configuring your own.