Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Admin roles and Active Directory (EntraID)

jessica.huebner
jessica.huebner
Contributor
April 29, 2025

I am on Jira Cloud Standard. In Atlassian Admin, I have user provisioning via my identity provider, MS Azure AD (AKA Entra ID). I remembered reading an article that mentioned certain admin roles, specifically  org admins could not be provisioned through user groups, but perhaps I misread/misinterpreted. My question is this: Can I provision the following roles via Azure AD? Any guidance would be appreciated!

  • org admins
  • site admins
  • User access admins
  • Billing admins
  • Business contacts
Answer
Watch
Like Kieren _SmolSoftware_ likes this
119 views

1 answer

1 accepted

1 vote
Answer accepted
Kieren _SmolSoftware_
Kieren _SmolSoftware_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 29, 2025

Hi @jessica.huebner 

Short answer

You cannot provision org admins, site admins, Billing admins or Business contacts directly via your IdP groups. You can for the User access admins.

 

Long Answer

Org and Site admin

The org admin and site admin roles are granted to users via special/protected/fixed groups:

  • org-admins
  • site-admins

This can be overcome using either the Atlassian APIs to add/remove users to these groups using scripts or a marketplace app, like Admin Automations, to sync users between your IdP groups to the org-admins and site-admins groups.

Note: I work for Smol Software, who creates the Admin Automations app.

User Access Admin

The User access admin roles can be granted to any group, including your IdP groups. You can open a group in admin.atlassian.com and 'Add Product', then select the User Access Admin role for the product you want.

Screenshot 2025-04-30 at 8.54.09 am.png

Screenshot 2025-04-30 at 8.54.48 am.pngThe User Access Admin role does still need to have default groups, similar to other product access groups. e.g. confluence-user-access-admins-smolsoftwarejira-software-user-access-admins-smolsoftware. You cannot change the default group to be an IdP sync'd group.

Billing admin and Business Contacts

The Billing admin and Business Contact role is granted directly to a user via the Billing Console, https://admin.atlassian.com/billing. They cannot be granted via a group and there is no API available for it. 

 

Hope that helps!

View More Comments
Kieren _SmolSoftware_
Kieren _SmolSoftware_
Atlassian Partner
April 30, 2025

For reference, here's the main page on what these roles do:

https://support.atlassian.com/user-management/docs/what-are-the-different-types-of-admin-roles/

Like jessica.huebner likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.