Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Questions: Atlassian Access and Okta for user provisioning

Gabriel Viger
Gabriel Viger
Contributor
July 22, 2019

Hello everyone,

We are about to activate Atlassian Access and use Okta for user provisioning on our two sites and we have a few questions before we proceed:

  1. Is there a prerequisite to have SSO enabled before configuring user provisioning from Okta?
  2. Will existing groups and product access linked to those groups be deleted when activating Atlassian Access and user provisioning with Okta?
  3. Is it possible to do user provisioning with Okta by assigning users to a group that has no application access? (I have tried by creating a user and assigning it to a group with no product access and this user was automatically redirected to the portal of our JSD instance.)
  4. Does any vendors have already done this or could validate our group/product access structure before we proceed?
  5. Any tips on admins who already integrated Atlassian Access and Okta to do user provisioning?

Thanks a lot!

Gabriel

Answer
Watch
Like Anthony Owens likes this
1237 views

1 answer

1 accepted

1 vote
Answer accepted
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 26, 2019

Hey Gabriel, happy to answer your questions!

  1. Is there a prerequisite to have SSO enabled before configuring user provisioning from Okta?
    No, we don't require that SSO is already configured before setting up user provisioning. This is based on the prerequisite list on the Configure User Provisioning with Okta document.

  2. Will existing groups and product access linked to those groups be deleted when activating Atlassian Access and user provisioning with Okta?
    No, in fact we go to extra measures to ensure your existing groups aren't modified at all. Access will throw you an error if there are groups in Okta named the same things as your existing Atlassian Cloud groups. From the unsupported features section of the user provisioning document:

    Pushing a group from your IdP that has the same name as a group in your organization. Otherwise, you'll get an error when you try to sync.
  3. Is it possible to do user provisioning with Okta by assigning users to a group that has no application access? (I have tried by creating a user and assigning it to a group with no product access and this user was automatically redirected to the portal of our JSD instance.)
    Yes, this is actually the default behavior. New groups you create/sync from Okta (for example, "jira-okta-users" and "confluence-okta-users") have no application access. You'll need to modify the applications, projects, and spaces you want to grant access to in order to include those new Okta groups.

  4. Does any vendors have already done this or could validate our group/product access structure before we proceed?
    A quick search turned up that Service Rocket has some experience here as an Atlassian Partner setting this up. Their blog post mentions that they are well set up to take requests for help through their contact form.

  5. Any tips on admins who already integrated Atlassian Access and Okta to do user provisioning?
    My suggestion is reading through our troubleshooting documentation before setup to get some ideas on what not to do in order to have a smooth setup.

 

Cheers,
Daniel

View More Comments
Gabriel Viger
Gabriel Viger
Contributor
July 30, 2019

Thanks Daniel :)

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.