In this article, we’ll witness Sixt Lease’s transition from a Server infrastructure to a Data Center instance that leverages the best of the native Atlassian enterprise functionality with the most advanced apps from the Atlassian Marketplace for user provisioning.
In a migration to Data Center, User Management processes, including authentication and user provisioning processes, need to be analyzed separately to find the most convenient solution. Sixt Lease’s architecture is a good example of how to leverage existing functionality in Data Center applications with the most advanced apps from the Marketplace.
In early 2020, Sixt Leasing decided to have their own Jira and Confluence instances on Data Center. This implied that the subsidiary would segregate from Sixt’s Server instance.
Customizations and third party add-ons were evaluated by TNG consulting and IT Management at Sixt Leasing. They followed two requirements:
When the time arrived for resolution’s Single Sign-On, this was the verdict:
TNG’s consultants started looking for an add-on that could provision users seamlessly.
Their recommendation was resolution’s User Sync. The app that integrates user directories of Atlassian applications and Identity Providers via REST API. No code needed.
Therefore, Sixt leasing implemented a solution:
In September 2020, Atlassian launched Just in Time user provisioning for its Data Center SAML SSO.
At this point, SIXT leasing reconsidered its SSO setup. They had the chance to drop User Sync and only use the built-in functionality instead.
The benefits were clear: lower costs, and a simpler implementation.
So why wasn’t User Sync dropped? An approval process in perfect sync.
Just in Time can’t update supervisor roles. With User Sync, issue approvals are reliable at all times.
Every employee at Sixt Leasing is assigned a supervisor who is responsible for approvals.
The approval process is based on a scriptRunner workflow validation. Only the supervisor and the supervisor’s supervisor can approve an issue, i.e. perform a specific workflow transition.
Supervisor roles are stored in the external directory as a user attribute. Since they change frequently, they are only maintained on the Identity Provider. From there, they should propagate to several tools, including Jira.
Supervisor attributes are synchronized into Jira with User Sync.
That synchronization would have been impossible with Just in Time provisioning. JiT only updates the information of a user when they successfully login. The accuracy of the approval process would depend on whether the user logs in after his supervisor has changed.
IT management and TNG consultants agreed it was beneficial to stick to the initial design. User Sync provisions and updates users, and Data Center SAML SSO deals only with authentication.
As a result, Sixt Leasing can benefit from the advantages of the SSO functionality shipped with Data Center Applications, and enforce its approval processes in Jira at all times.
Sixt Leasing SE, a former subsidiary of Sixt SE, provides full-service leasing solutions for corporate customers, as well as car rents for private and commercial customers through a convenient online platform.
Sixt Leasing SE, a former subsidiary of Sixt SE, provides full-service leasing solutions for corporate customers, as well as car rents for private and commercial customers through a convenient online platform.
TNG Technology Consulting is an Atlassian Gold Solution Partner and Atlassian Marketplace Vendor.
Cookie | Duration | Description |
---|---|---|
_gat_UA-44969175-9 | 1 minute | A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to. |
_gcl_au | 3 months | Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services. |
CONSENT | 16 years 3 months 13 hours | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
Cookie | Duration | Description |
---|---|---|
_fbp | 3 months | This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website. |
b3e783bb62 | session | This cookie is set by the provider Zoho. This cookie is used for collecting information on user interaction with the web-campaign content. This cookie helps the website owners to promote products and events on the CRM-campaign-platform. |
fr | 3 months | Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin. |
IDE | 1 year 24 days | Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile. |
NID | 6 months | NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads. |
test_cookie | 15 minutes | The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. |
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt.innertube::nextId | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
yt.innertube::requests | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
Cookie | Duration | Description |
---|---|---|
_calendly_session | 21 days | Store user preferences |
_zcsr_tmp | session | Used for website security |
1e5a17c8ab | session | No description available. |
3eb9b21c5c | session | No description available. |
4662279173 | session | No description available. |
AnalyticsSyncHistory | 1 month | Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries |
cookielawinfo-checkbox-functional | 1 year | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
CookieLawInfoConsent | 1 year | Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie. |
d4bcc0a499 | session | No description available. |
li_gc | 2 years | Used to store consent of guests regarding the use of cookies for non-essential purposes |
m | 2 years | No description available. |
zft-sdc | 12 hours | This cookie stores metadata ( entrances, source etc) of a session which is used by full tracking. (https://www.zoho.com/privacy/cookie-policy.html) |
zps-tgr-dts | 1 year | This cookie stores the session's metadata on your website. |
zsc | 30 minutes | Zoho Service Communication Key. |