Overview

Starting with User Sync 2.10.0, the SCIM 2.0 connector supports nested groups, allowing you to manage user memberships in hierarchical group structures. This page describes how to enable and use the nested groups feature in the SCIM 2.0 connector for User Sync.

Enabling Nested Groups

To enable the nested groups feature in the SCIM 2.0 connector, follow these steps:

  1. In your Atlassian application, navigate to Administration > User Management > User Directories.
  2. Identify the directory that is assigned to the SCIM 2.0 connector and click Edit.
  3. Look for the checkbox and ensure it is enabled.
  4. Save the changes to apply the settings.

Working with Nested Groups

How Nested Group Assignment works

With the nested groups feature enabled in the SCIM 2.0 connector, group provisioning follows the hierarchical structure established in your organization's directory (IdP). The SCIM 2.0 connector utilizes the group hierarchy built from the requests made to the SCIM endpoint, and as a result, users are automatically assigned to parent groups based on their memberships in child groups. Let's explore this behavior further with a practical example.

Example Scenario

Suppose we have an organization with the following group hierarchy in the directory:

  • Parent Group (Marketing)
    • Child Group 1 (Marketing Managers)
    • Child Group 2 (Marketing Associates)

User Assignment:

Now, let's consider two users and their assignments within the groups in the directory:

  1. User 1 (John Doe):
    • Assigned to the "Marketing Managers" group (Child Group 1)
  2. User 2 (Jane Smith):
    • Assigned to the "Marketing Associates" group (Child Group 2)

With the nested groups feature enabled in the SCIM connector, the provisioning process utilizes the directory's group hierarchy. When User 1 (John Doe) is assigned to the "Marketing Managers" group (Child Group 1), the user is automatically assigned to the Parent Group (Marketing) based on the group structure in the directory. This means that User 1 becomes a member of both the "Marketing Managers" group and the "Marketing" group.

Similarly, when User 2 (Jane Smith) is assigned to the "Marketing Associates" group (Child Group 2), the directory automatically provisions her to the Parent Group (Marketing), making her a member of both the "Marketing Associates" group and the "Marketing" group.

Resulting Group Memberships:

After the provisioning process, the group memberships for User 1 and User 2 in the connected applications will be as follows:

  1. User 1 (John Doe):
    • Member of "Marketing Managers" group (Child Group 1)
    • Member of "Marketing" group (Parent Group)
  2. User 2 (Jane Smith):
    • Member of "Marketing Associates" group (Child Group 2)
    • Member of "Marketing" group (Parent Group)
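
To audit which memberships users would gain through nesting before enabling the feature, the resolution described above can be reproduced offline. The following is an added example, not the connector's own code: it walks SCIM 2.0 Group resources upward from each user's direct groups and separates direct from inherited memberships. The group and user ids are constructed sample values, and treating a member without a "type" attribute as a user is an assumption.

```python
from collections import defaultdict

# Constructed sample SCIM 2.0 Group resources (attribute names per RFC 7643);
# the ids are made up and mirror the Marketing scenario on this page.
GROUPS = [
    {"id": "g-mkt", "displayName": "Marketing", "members": [
        {"value": "g-mgr", "type": "Group"},
        {"value": "g-asc", "type": "Group"}]},
    {"id": "g-mgr", "displayName": "Marketing Managers", "members": [
        {"value": "u-john", "type": "User", "display": "John Doe"}]},
    {"id": "g-asc", "displayName": "Marketing Associates", "members": [
        {"value": "u-jane", "type": "User", "display": "Jane Smith"}]},
]


def resolve_memberships(groups):
    """Return {user_id: {"direct": set, "inherited": set}} of group names."""
    names = {g["id"]: g["displayName"] for g in groups}
    parents = defaultdict(set)  # child group id -> ids of groups containing it
    direct = defaultdict(set)   # user id -> ids of groups listing the user
    for g in groups:
        for m in g.get("members", []):
            # Assumption: a member without "type" is treated as a user.
            if m.get("type", "User") == "Group":
                parents[m["value"]].add(g["id"])
            else:
                direct[m["value"]].add(g["id"])
    result = {}
    for user, gids in direct.items():
        seen, stack = set(), list(gids)
        while stack:  # walk upward through every containing group
            gid = stack.pop()
            if gid in seen:
                continue  # already visited: guards against cyclic nesting
            seen.add(gid)
            stack.extend(parents.get(gid, ()))
        result[user] = {
            "direct": {names[g] for g in gids},
            "inherited": {names.get(g, g) for g in seen - gids},
        }
    return result


if __name__ == "__main__":
    for user, m in sorted(resolve_memberships(GROUPS).items()):
        print(user, "direct:", sorted(m["direct"]), "inherited:", sorted(m["inherited"]))
```

The "inherited" set is the access that exists only because of nesting, so it is the part to review when a parent group carries application permissions.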

Managing Nested Groups

During the provisioning process with the nested groups feature enabled, the SCIM 2.0 connector automatically handles the assignment of users to nested groups. However, if you want to verify the hierarchy and see how users are associated with parent and child groups, you can do so in the Jira group management interface. This provides you with a clear overview of the hierarchical structure and allows you to ensure that users are correctly associated with their respective parent and child groups. Here's how you can view the group hierarchy in Jira:

  1. Log in to Jira as a system administrator and navigate to Administration > User Management > Groups.
  2. Select Edit Nested Group members.
  3. To see the members of a specific group and its nested groups, click the parent group's name to expand it. This reveals the child groups that are members of the selected group.

Troubleshooting

If you encounter any issues with the nested groups feature or face provisioning problems, consider the following steps:

  1. Ensure the nested groups feature is correctly enabled in the SCIM connector's directory settings.
  2. Review the system logs for any error messages or warnings related to nested group synchronization.

If the problem persists, don't hesitate to contact our support team for further assistance.