Below, you find information to setup SSO for AWS and our apps.
If you our need help or have questions, you can contact us via our helpdesk or book a free screen share session at

Step-by-Step Guides

Based on your user provisioning model, pick one of the following step-by-step guides.

  • AWS with Just-In-Time Provisioning
    Setting up authentication via SAML with AWS and using Jut-in-Time provisioning to create/update user accounts during login.
    AWS does not support transmitting groups via SAML attributes. Hence, groups must be managed locally in your Atlassian product.

Which Step-by-Step Guide you should pick?

Depending on your Atlassian product, you can choose from different user provisioning models.

In general, with AWS we support the following ways for user provisioning:

  1. Just in Time Provisioning allows to create and update users on-the-fly when they log in. It is not possible to send groups via SAML for AWS. Thus, groups must be managed locally. See our detailed article for JIT.
  2. LDAP synchronisation from Active Directory. If you instance still synchronised to your Active Directory via LDAP, you can continue to do so. Please follow the "Manual User Management" Guide in this scenario.
  3. For Manual User Management, the administrator has to has to create and update users on AWS and your Atlassian product by hand.
    We do not recommend it. See our article for Manual User Management.

Model/FunctionAdmin EffortPro's and Con's
Just in Time Provisioning


need to manage groups locally on your product instance

  • Creates & Updates users based on information in the SAML Response during Login
  • AWS does NOT support transmitting groups.
  • Users are only created on their first Login.
  • Users & Groups are updated only during SAML authentication.
  • Users cannot be marked disabled (as AWS will not complete the Authentication for a deleted/disabled User)
Manual User ManagementHigh

  • Here no sync happens
  • Needs manual maintenance of 2 User bases (or is done via custom developments).