G Suite / Google Apps
Below, you find information to setup GSuite/ Google Apps and our SAML SSO apps for Atlassian Data Center & Server products. If you need our help or have questions, you can contact us via our helpdesk or book a free screen share session at https://resolution.de/go/calendly.
Step-by-Step Guides for SAML2
Based on your user provisioning model, pick one of the following step-by-step guides.
In most cases we recommend to use GSuite with User Sync.
- Google Cloud Identity with User Sync 
 Setting up User synchronisation with GSuite, as well as authentication via SAML
- Google Cloud Identity with Just-In-Time Provisioning 
 Setting up authentication via SAML with GSuite and using Just-in-Time Provisioning to create/update User Accounts during login. GSuite does not support to transmit groups via SAML attributes. Hence, groups must be managed locally in your Atlassian Data Center or Server product.
- Google Cloud Identity with Manual Provisioning 
 Setting up authentication via SAML with GSuite for Users that already exist in the Atlassian Data Center or Server product.
Some important notes:
- User Sync functionality is currently only available for Jira Data Center, Jira Server, Confluence Data Center, Confluence Server, & Bitbucket Data Center and Server. 
Step-by-Step Guides for OpenID Connect
- OpenID Connect for Google Cloud Identity with User Sync 
 Setting up User synchronisation with GSuite, as well as authentication via SAML
- OpenID Connect for Google Cloud Identity with Just-In-Time Provisioning 
 Setting up authentication via SAML with GSuite and using Just-in-Time Provisioning to create/update User Accounts during login. GSuite does not support to transmit groups via SAML attributes. Hence, groups must be managed locally in your Atlassian Data Center or Server product.
- (6.15.x) OpenID Connect for Google Cloud Identity with Manual Provisioning 
 Setting up authentication via SAML with GSuite for Users that already exist in the Atlassian Data Center or Server product.
Some important notes:
- User Sync functionality is currently only available for Jira Data Center, Jira Server, Confluence Data Center, Confluence Server, & Bitbucket Data Center and Server. 
Which Step-by-Step Guide you should pick?
Depending on your Atlassian product, you can choose from different user provisioning models. We recommend using User Sync, since it is easy to setup and maintain.
In general, with GSuite we support the following ways for user provisioning:
- User Sync allows to sync users periodically from GSuite, but also when they log in for the first time into your Atlassian Data Center or Server product. See our detailed article for User Sync. 
- Just in Time Provisioning allows to create and update users on-the-fly when they log in. See our detailed article for JIT. 
- LDAP synchronisation from Active Directory. Is you instance still synchronised to your Active Directory via LDAP, you can continue to do so. Please follow the "Manual User Management" Guide in this scenario. 
- For Manual User Management, the administrator has to has to create and update users on GSuite and your Atlassian product by hand. 
 We do not recommend it. See our article for Manual User Management.
| Model/Function | Admin Effort | Pro's and Con's | 
|---|---|---|
| User Sync | Low | 
 | 
| Just in Time Provisioning | Medium | 
 | 
| Manual User Management | High  | 
 | 
