User Management

Step1: Check the License of the Plugin.

• If you’ve already generated a license click here to access it and update it in the License key box on Manage apps Page.
• If you don’t have a license follow the steps here to generate the license.

Step 2: Check Settings of the Plugin.

• Verify the configurations of the plugin as per the documentation.

• • Jira User Sync Setup Guide
  • Confluence User Sync Setup Guide
  • Jira SCIM Setup Guide
  • Confluence SCIM Setup Guide

If the issue persists, please contact atlassiansupport@xecurify.com with the plugin error logs mentioned in the plugin’s Troubleshooting tab.

Synchronize the users from multiple user stores in Atlassian applications using miniOrange user sync. When user Identities are stored in different User stores it is a time-consuming process to reflect them in Atlassian applications like Jira and Confluence. It may cause errors in maintaining the access of the different projects and services. Here we will go through a guide to configure user provisioning between the Atlassian application and multiple Identity Providers. By the end of this guide, users from your Identity Providers should be registered in the Atlassian applications.

The use cases supported here:

• User and Group Provisioning for Multiple Azure AD tenants
• User and Group Provisioning using multiple Identity Providers 

Prerequisites:

• The Identity Provider should have the SCIM provisioning feature.

Step1: Setup User and Group provisioning for single-tenant/ Identity Provider

Step a: Setup SCIM for provisioning

Please follow the guides mentioned here to set up the SCIM for your identity provider/tenant.

• • Azure ad SCIM Setup
  • OneLogin SCIM Setup
  • Okta SCIM Setup

Step 2: Setup another App for 2’nd Identity Provider or Tenant

To configure the second app, you don’t need to add any configurations in the plugin. Multiple app provisioning is possible through SCIM provisioning in the plugin. miniOrange User Sync/SCIM app provides SCIM Base URL and Bearer Token which is required to validate Authorization of API Call. These details are required to be added in the application at your Provider end.  Whenever any CRUD operation is performed on the user, the Provider will send the appropriate response to the app and will validate the response. The further actions will be entirely based on the configurations set up by the administrator in the miniOrange UserSync/SCIM app.

Steps to follow:

• Create the SCIM App on your identity provider end with the same base URL and bearer token which you used for the first application.
• Enable provisioning for the second application that you have created.

Now you will be able to sync users and groups from multiple Identity providers/tenants using a single set of SCIM credentials.

Multiple Azure AD Domain Users can be provisioned to the Atlassian application via SCIM.

Step1: Setup User and Group provisioning for the first domain

Step a: Setup SCIM for provisioning.

Please follow the guides mentioned here to set up the SCIM for your domain.

• Azure ad SCIM Setup

Step 2: Setup another App for 2’nd Domain

To configure the second app, you don’t need to add any configurations in the plugin. Multiple app provisioning is possible through SCIM provisioning in the plugin. miniOrange User Sync/SCIM app provides SCIM Base URL and Bearer Token which is required to validate Authorization of API Call. These details are required to be added in the application at your Provider end.  Whenever any CRUD operation is performed on the user, the Provider will send the appropriate response to the app and will validate the response. The further actions will be entirely based on the configurations set up by the administrator in the miniOrange UserSync/SCIM app.

Steps to follow:

• Create the SCIM App in your another domain with the same base URL and bearer token which you used for the first application.
• Enable provisioning for the second application that you have created.

Now you will be able to sync users and groups from multiple domains /tenants using a single set of SCIM credentials.

A. SCIM App is configured in Atlassian application

To Sync group membership of azure ad groups in Atlassian applications like Jira and confluence, Please create enterprise application within your azure AD domain/Directory which supports provisioning.

You can follow the steps mentioned here to configure SCIM App in Azure AD

• Select the application that you have created from the application list.
• Click on the Users and Groups option from the left panel. You will see a view like this.
  
• Click on the Add User/Group button.
• It will generate an Add Assignment window and select the Users/Groups you want to.
  
• Click on Assign to finish the setup.

B. REST API Setup is configured in Atlassian application

REST API Setup synchronizes all users and groups in your tenant, So you will not be needed to explicitly assign users/groups.

A. SCIM App is configured in Atlassian application

• Select the application that you have created from the application list.
• Go to the Assignments tab. Click on the Assign button.
• Select Assign to People to assign the application to a particular User.
• Select Assign to Groups to assign the application to a particular group.
  
• You can also push group assignments using the Push Groups option.
• Select the Push Groups option and assign the Find Groups by Name to push a single group.
• Provision of multiple groups by option Find Groups By Rule.
  

A. REST API Setup is configured in Atlassian application

• Create a Web application in Okta which supports SAML/OpenID Connect
• Enter the App Id of the SAML/OpenID Connect App that you have created in OKTA in the Okta App ID field of miniOrange User Sync Plugin, so that provisioning operation will be performed on assigned users and groups only.
  
• Leave blank if you want to import all the users from OKTA.
• To get the APP ID, open the application in OKTA, navigate to the URL and copy the ID from there.

The User Sync plugin allows you to create users in the application directory if they are not found. However, it may happen that the username coming from your provider does not match with the username from the Atlassian application, resulting in creating a duplicate user.

What is the solution to the above problem?

You can apply the regex to the incoming username and transform the username to match it with the username of the Atlassian application.

Steps to enable REGEX:

• Select the Provisioning Operation tab from the left panel of the miniOrange User sync Plugin.
• Select the check box Apply regular expression on Username.
• Enter the Regex values as per instructions mentioned at the bottom.
• You can also test the configured REGEX Pattern using the Test REGEX Button.
  
• Make sure that Transformed Value matches with the username of your Atlassian application.