Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to Move from G Suite Sync to Atlassian Access

Rich Kirkpatrick
Rich Kirkpatrick
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 16, 2020

What are the steps & impacts of moving from G Suite Sync to Atlasssian Access (AA)?  G Suite Sync only allows users to be synchronized & access to be granted against.  We want to move to Atlassian Access to gain the ability to do this with Groups, however we currently have G Suite Sync setup.  On the User Provisioning page of AA, we are simply greeted with a "You must disconnect G Suite" message.  Has anyone gone down this road before?  Does this mean a complete teardown and rebuilding of our existing Confluence and Jira sites?

Answer
Watch
Like Avni Barman likes this
1432 views

1 answer

1 vote
Avni Barman
Avni Barman
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 22, 2020

Rich,

Thank you so much for reaching out to the Atlassian team about your question. Unfortunately, we don't currently support groups in the G Suite sync, and simply switching to SCIM user provisioning with Google Cloud Identity isn't possible because Google Cloud Identity doesn't support the SCIM groups object. You have two options:

1. If you are willing to wait a few months, we are currently working on a new G Suite integration that provides additional support to allow you to sync your groups for user provisioning via G Suite. You would be able to continue to sync your users through G Suite, use Google groups to grant product access, and continue to require your end-users to log in using Google.

2. You can move from the G Suite Integration to use SAML SSO and SCIM user provisioning with groups with another identity provider. To see a list of identity providers Atlassian supports alongside a detailed step by step of how to do this visit https://confluence.atlassian.com/cloud/user-provisioning-959305316.html) With this configuration you would be able to apply permissions and product access to synced groups. This would not be a complete teardown of your existing Confluence and Jira sites but rather a reconfiguration of SSO and user syncing. Your end-users accounts would not be affected, but they would log in differently. This would require a subscription to Atlassian Access. A couple of caveats: First, you must disconnect your existing G Suite connection. Additionally, upon disconnecting your existing G Suite integration, your end-users will no longer be required to log in using Google and your G Suite users will no longer be synced into your Jira/Confluence sites until you re-enable SSO with another identity provider. Okta (a 3rd-party identity provider) is offering a free account for Atlassian customers. Check it out here: https://www.atlassian.com/software/access/okta

Please reach out to the support team if you are interested in this! Hope this was helpful and let us know if you have any other questions.

Best,

Avni

View More Comments
Jeremiasz Stróżyk
Jeremiasz Stróżyk March 9, 2021

Hi @Avni Barman

I was digging in this subject and I've landed here. 

Did anything changed over last 6 months or there is still no way to use SAML and Google groups for access?

 

Kind regards,

Jerry

Like Devon Peña likes this
Devon Peña
Devon Peña April 5, 2021

Would love to know as well. We are currently on our 6 month trial through April. 

 

Thanks!

Like
Jonathon Yu
Jonathon Yu
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 16, 2021

Hi @Jeremiasz Stróżyk and @Devon Peña

A lot has changed since the original question, including the rollout of our new Google Workspace synchronization feature with Atlassian Access. If you're subscribed to Atlassian Access, you can now sync groups from GSuite as well as users, as well as enforce logging in with Google.

However, if your intention is to use both SAML SSO *and* connect a Google Workspace directory, currently we do not support using both. Atlassian Access can only connect to one external Identity Provider, so you'll need to choose which SSO and user provisioning provider you want to use. If you'd like to use multiple identity providers in a single Atlassian organization, please add your feedback here: 

https://jira.atlassian.com/browse/ACCESS-572

You can find our updated Google Workspace integration documentation here: https://support.atlassian.com/provisioning-users/docs/set-up-g-suite/

Like Sandy likes this
Devon Peña
Devon Peña May 17, 2021

@Jonathon Yu 

Hi!

Thanks for your reply. That makes sense; the greater objective is to be able to add Atlassian into an existing onboarding script. Do you have any resources for using your API to add users? Whether it be through Atlassian Access or the conventional GSuite Sync capability?

The resources I am finding through your website are confusing and not catalogued in a way that makes sense for what I am looking for. 

Thanks!

Devon 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Atlassian logo
Atlassian Guard
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.