MINI WHITE PAPER OVERVIEW

User Sync attribute synchronization

Setting up user provisioning on the journey to Data Center

In this article, we’ll follow Sixt Leasing’s transition from a Server infrastructure to a Data Center instance that combines native Atlassian enterprise functionality with the most advanced apps from the Atlassian Marketplace for user provisioning.

A hybrid migration to Data Center SAML SSO and User Sync

In a migration to Data Center, user management processes, including authentication and user provisioning, need to be analyzed separately to find the most convenient solution for each. Sixt Leasing’s architecture is a good example of how to combine existing functionality in Data Center applications with the most advanced apps from the Marketplace.

Sixt Leasing’s move to Jira Data Center

In early 2020, Sixt Leasing decided to have their own Jira and Confluence instances on Data Center. This implied that the subsidiary would segregate from Sixt’s Server instance.

Customizations and third-party add-ons were evaluated by TNG consulting and IT Management at Sixt Leasing. Each had to meet two requirements:

  • Sufficient usage by Sixt Leasing employees and projects.
  • Existence of a Data Center compatible version.

A hybrid SSO setup: SAML-based authentication and REST user provisioning

When the time came to evaluate resolution’s Single Sign-On, this was the verdict:

  • Atlassian’s native Data Center SAML SSO could replace user authentication…
  • but it could not solve user provisioning.

TNG’s consultants started looking for an add-on that could provision users seamlessly.

Their recommendation was resolution’s User Sync, an app that integrates the user directories of Atlassian applications with Identity Providers via REST API. No code needed.

Therefore, Sixt Leasing implemented a solution:

  • where Data Center native SAML SSO is used to authenticate users
  • and User Sync is used to provision and de-provision users

Evaluating Atlassian’s Just in Time provisioning

In September 2020, Atlassian launched Just in Time user provisioning for its Data Center SAML SSO.

At this point, Sixt Leasing reconsidered its SSO setup. They had the chance to drop User Sync and only use the built-in functionality instead.

The benefits were clear: lower costs, and a simpler implementation.

So why wasn’t User Sync dropped? An approval process in perfect sync.

Just in Time can’t update supervisor roles. With User Sync, issue approvals are reliable at all times.

Every employee at Sixt Leasing is assigned a supervisor who is responsible for approvals.

The approval process is based on a ScriptRunner workflow validation. Only the supervisor and the supervisor’s supervisor can approve an issue, i.e. perform a specific workflow transition.

Supervisor roles are stored in the external directory as a user attribute. Since they change frequently, they are only maintained on the Identity Provider. From there, they should propagate to several tools, including Jira.

Supervisor attributes are synchronized into Jira with User Sync.

That synchronization would have been impossible with Just in Time provisioning. JiT only updates a user’s information when that user successfully logs in. The accuracy of the approval process would depend on whether the user logs in after their supervisor has changed.
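The stale-attribute window described above, as an added example that is not code from Sixt Leasing, TNG, resolution or Atlassian. It models the two update strategies on plain dictionaries and calls no real API; all function names and the sample directory are hypothetical and constructed for illustration.

```python
"""Stale supervisor attribute: login-time (JiT) update vs. scheduled full sync."""

def may_approve(directory, approver, reporter):
    """Approval rule from the text: supervisor or supervisor's supervisor."""
    first = directory.get(reporter)
    second = directory.get(first) if first else None
    return approver in {s for s in (first, second) if s}

def jit_login(local, idp, user):
    """JiT model: refresh only the record of the user who just logged in."""
    if user in idp:
        local[user] = idp[user]

def full_sync(local, idp):
    """Scheduled sync model: mirror every record, drop users removed upstream."""
    local.clear()
    local.update(idp)

def stale_users(local, idp):
    """Users whose local supervisor no longer matches the Identity Provider."""
    return sorted(u for u in local if local[u] != idp.get(u, object()))

def run_scenario():
    # Constructed sample directory: user -> supervisor (None = top of the chain).
    idp = {"alice": "bob", "bob": "carol", "carol": None,
           "dave": "erin", "erin": None}
    jit_copy, synced_copy = dict(idp), dict(idp)

    idp["alice"] = "dave"            # supervisor change recorded on the IdP only
    jit_login(jit_copy, idp, "bob")  # another user logs in; alice does not
    full_sync(synced_copy, idp)      # scheduled sync runs once

    return {
        "jit_stale": stale_users(jit_copy, idp),
        "jit_old_supervisor_approves": may_approve(jit_copy, "bob", "alice"),
        "jit_new_supervisor_approves": may_approve(jit_copy, "dave", "alice"),
        "sync_stale": stale_users(synced_copy, idp),
        "sync_old_supervisor_approves": may_approve(synced_copy, "bob", "alice"),
        "sync_new_chain_approves": may_approve(synced_copy, "dave", "alice")
                                   and may_approve(synced_copy, "erin", "alice"),
    }

if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Running `stale_users` against an export of both directories is also a quick audit for how far a login-driven copy has drifted from the Identity Provider.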

Conclusion

IT management and TNG consultants agreed it was beneficial to stick to the initial design. User Sync provisions and updates users, and Data Center SAML SSO deals only with authentication.

As a result, Sixt Leasing can benefit from the advantages of the SSO functionality shipped with Data Center Applications, and enforce its approval processes in Jira at all times.

Sixt Leasing SE, a former subsidiary of Sixt SE, provides full-service leasing solutions for corporate customers, as well as car rentals for private and commercial customers through a convenient online platform.

TNG Technology Consulting is an Atlassian Gold Solution Partner and Atlassian Marketplace Vendor.