Microsoft Entra ID (formerly Azure AD) configuration


Azure Active Directory is now Microsoft Entra ID (https://learn.microsoft.com/en-gb/entra/fundamentals/new-name).


This page contains information about how to set up Microsoft Entra ID and User & Group Sync for Atlassian Server or Data Center applications.
If you encounter different wording, please contact us and we will update the documentation.


Quickstart guide

Go to portal.azure.com, click "Microsoft Entra ID" in the left panel and then choose "App registrations".

  1. Click on "New registration"

  2. Enter a "Name" for the app.

  3. Click on "Register".

  4. On this page you can see the "Application ID" and the "Directory (tenant) ID". You will need both to set up the Azure AD connector in User Sync.

  5. Click on "API permissions" in the left panel.

  6. Delete the default created permission since it's not needed.

  7. Click on "Add a permission" and choose "Microsoft Graph".

  8. Click on "Application Permissions".

  9. Search for the "Directory" entry, expand it and tick "Directory.Read.All".

  10. Click on "Add permissions" to add the permissions.

  11. Click on "Grant admin consent for ...".

  12. Next, click on "Certificates & secrets".

  13. Add a new client secret by clicking on "New client secret".

  14. Enter a description for the secret and also set an expiry date. Click on Add to confirm.

  15. Copy the secret now ("VALUE"). You are not able to see it again after leaving that page. Please paste it to a text editor for the tutorial.


Now it is time to configure User & Group Sync in your Atlassian Server or Data Center product. Please keep the Azure website open, because we will need it later on.

  1. Now, go back to your Atlassian Server or Data Center product, and go to the User & Group Sync Configuration.

  2. Click Create Connector and choose Azure.

  3. First, paste the client secret (which you copied before) into the Application Secret.

  4. Next, go back to the Azure website and click Properties in the app you have created for User & Group Sync. Copy the Application ID and Directory (Tenant) ID and paste them into the User & Group Sync configuration in your Atlassian product.

  5. In the User & Group Sync configuration under the Sync Settings tab, activate Scheduled Synchronization. You can edit the Cron expression to set a synchronisation interval.



User guide 




Go to http://portal.azure.com and click Microsoft Entra ID.


In Microsoft Entra ID, click App registrations.


Click New registration to create a new app.


Enter a name for your application and click on Register to proceed.


Click API permissions in the left panel.


Delete the default created permission since it's not needed.


Click on Add a permission.


Select Microsoft Graph.


Choose Application permissions.


Expand Directory and tick Directory.Read.All


As of SAML version 6.3.0 or User Sync 2.7.0, User Sync also supports syncing the profile pictures of users in Azure AD. To use this feature, you additionally need to add the User.Read.All permission.


Click on "Grant admin consent for ...".


It should look like this after granting admin consent:


For the next step, click on Certificates & secrets in the left panel, and then click on New client secret.


Enter a description for the secret and also set an expiry date. Click on Add to confirm.

Please note that your secret will expire after 24 months. If syncs start failing in 24 months, you must create a new secret and update the secret in the connector.



Your client secret is displayed only once, so copy it now. If you lose the secret, you can create a new one.
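
The app registration built in the steps above can be audited from its application object, the JSON that Microsoft Graph returns for GET /applications/{id}. The following is an added example, not part of the original guide or the vendor's code: it flags any configured permission other than the application permissions this page grants, and any client secret that has expired or is close to expiry. The names audit_app and warn_days and the sample JSON are assumptions made for the illustration.

```python
import json
from datetime import datetime, timezone

# Added example, not vendor code. audit_app and warn_days are hypothetical names.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource
ALLOWED_ROLES = {  # Microsoft Graph application-permission (app role) IDs
    "7ab1d382-f21e-4acd-a863-ba3e13f7da61": "Directory.Read.All",
    "df021288-bdef-4463-88db-98f22de89214": "User.Read.All",  # profile pictures
}

def audit_app(app, now, warn_days=60):
    """Return findings for one application object (parsed Graph JSON)."""
    findings, seen = [], set()
    # requiredResourceAccess lists the configured permissions; admin consent
    # is recorded elsewhere and is not checked here.
    for res in app.get("requiredResourceAccess", []):
        for perm in res.get("resourceAccess", []):
            name = ALLOWED_ROLES.get(perm["id"])
            if res["resourceAppId"] == GRAPH_APP_ID and perm["type"] == "Role" and name:
                seen.add(name)
            else:
                findings.append(f"unexpected permission {perm['id']} ({perm['type']})")
    if "Directory.Read.All" not in seen:
        findings.append("missing Directory.Read.All")
    for cred in app.get("passwordCredentials", []):
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        days = (end - now).days
        label = cred.get("displayName") or cred.get("keyId")
        if days < 0:
            findings.append(f"secret '{label}' expired {-days} days ago")
        elif days <= warn_days:
            findings.append(f"secret '{label}' expires in {days} days")
    return findings

# Constructed sample: default delegated User.Read left in place, secret near expiry.
SAMPLE = json.loads("""
{"requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000000",
   "resourceAccess": [
     {"id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role"},
     {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"}]}],
 "passwordCredentials": [{"displayName": "user-sync", "endDateTime": "2025-08-05T00:00:00Z"}]}
""")

if __name__ == "__main__":
    for finding in audit_app(SAMPLE, datetime(2025, 7, 1, tzinfo=timezone.utc)):
        print(finding)
```

An empty result means only the expected application permissions are configured and no secret falls inside the warning window.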


Go to the overview page of the Microsoft Entra ID app. Copy the Application ID and the Directory (tenant) ID. Now it is time to head over to your Atlassian application.


In your Atlassian application, go to User Sync, click Create Connector, and choose Azure.


Add the Application ID, Directory ID, and the Application secret. Use the Save and Test Connection button to check whether Azure's API endpoints are reachable and API permissions are set correctly.


To take full advantage of User Sync, go to the Sync Settings tab and enable "Scheduled Synchronization". You can control the sync interval via a Cron Expression.
Do not forget to save your configuration by clicking on "Save and Return".


You are now ready to commence either a simulated or a full sync. By simulating the sync first, you can verify your configuration and see what changes User Sync would apply, such as which users will be added, modified, or not modified. With the full sync, User Sync will apply those changes. Both sync actions will run a full sync and will have the same sync duration. For more information on the sync simulation, please refer to Using the Simulated Sync Feature.


Additional Resources: