Automated User Management in Jira

Freehand drawing of robot with keyhole in torso standing next to manager embracing a huge key. Technology metaphor for human computer interaction, HCI, security, secure access, control, interface.
Share on linkedin
LinkedIn
Share on twitter
Twitter
Share on reddit
Reddit
Share on facebook
Facebook
User management shouldn't be a manual job. Learn how to automate the work so that all your Jira users are up to date and have access to what they need.

Table of Contents

Why you need to automate user management

Automating user management is one of the most important areas of improvement in Atlassian apps in general and in Jira. As long as administrators have to manually manage the entire access management lifecycle, your company will suffer from a series of chronic diseases:

  • Poor onboarding experiences, as new employees wait for their Jira account while the IT team make time on their schedule.
  • Constant distractions on the IT staff side, as provisioning users into Jira manually disturbs more important work.
  • Poor reaction to changes. New devices, relocations, promotions, new projects or revamped job descriptions happen every week. Without an automated process in Jira to align permissions, group memberships and application access, the administration burden of these changes can sink your productivity.
  • Latent access from former employees is a major security risk. How much confidential information do you store in your issues?
  • Temporary access to special users, such as contractors and partners, can keep your team jumping through the loops.

While small companies can still tackle these problems with hard work, scale makes manual work absolutely intolerable: no one will have visibility over every small change.

What can you do with automated user management in Jira

Once you automate user management in Jira, you will be able to forget about your internal user directory and run everything from your central directory or identity provider. As you make changes there, they will automatically propagate to Jira and any other Atlassian applications. This will allow your IT team to:

  • Create new employee accounts (user provisioning) before their first login.
  • Disable, deactivate or delete existing users (user deprovisioning) automatically as they leave the company
  • Manage group memberships on the IdP to make sure every user has the right permissions and can see the right projects.
  • Update user profiles (also called user attributes) periodically or upon login.

At this point you may be wondering… So what do I need to start automating user management in Jira?

The only option to automate the entire user lifecycle is to integrate Jira with your Identity Provider via REST API.

However, the specifics of implementing this type of automation will depend largely on your Jira deployment and where your corporate user directory lives.

How to automate user management in Jira Cloud

The sync wizard in Jira cloud

If you’re a customer of Jira Cloud, automating user management through the API with a cloud Identity Provider should be quite easy For example, if you’re using Okta to manage your user identities, you won’t need any additional solutions: simply follow this tutorial.

How to automate user management in Jira Server and Data Center

However, things will look a bit different for Server and Data Center, where there’s no possibility to directly integrate Identity Providers with Jira for provisioning users.

You have two main options: writing your own scripts or using a third party app from the Atlassian Marketplace, like User and Groups Sync by resolution.

Option 1: Write your own scripts

The user methods of Jira Server's REST API
Jira Server’s REST API for user management

What it is: Write your own scripts to modify the Jira user directory whenever a change is triggered from your Identity provider.

Pros: You’ll be in control of exactly how Jira users are synchronized from the Identity Providers’ API.

Cons:

  • Writing scripts for every possible situation can be cumbersome, and you will need talent and capacity to tackle this project
  • Maintaining scripts over time will be resource intensive
  • Since many of the Jira methods are experimental, changes in the API will certainly occur, resulting in lost connectivity while the scripts are fixed.

Option 2: User and Group Sync

User Sync will automate user updates from your IdP

What it is: User and Group Sync for Jira will make changes in your Identity Provider and synchronize them in Jira with one click.

Pros:

  • Covers the entire lifecycle management: user provisioning and deprovisioning as well as role-based access control (RBAC) through group memberships.
  • If your Identity Provider is not supported out of the box, a custom connector can be easily created by adapting our existing code.
  • Any additional information that you need to have in Jira about your users can easily be synchronized through intuitive attribute mapping
  • Compatible with using SAML SSO for authentication and included for free in resolution’s SAML Single Sign-On for Jira.

Cons:

  • Because it was not designed for authentication purposes, User Sync cannot be used currently to create passwords for newly provisioned users.

Read the product documentation for more details.

Conclusion

Automating user lifecycle management is not an option. It’s a must in any modern enterprise that takes security and usability seriously – particularly at a time when remote work and multi-device usage are putting pressure on the traditional notion of central, secure networks and applications.

If your current process is to manage the digital identities of your employees, partners and consultants from a central platform like Okta, Onelogin or Azure AD but you’re having issues throwing Atlassian Server or Data Center applications under the hood, you should try the API integration with User and Group Sync.

Share on linkedin
LinkedIn
Share on twitter
Twitter
Share on reddit
Reddit
Share on facebook
Facebook
SUBSCRIBE & FOLLOW
Get The Latest Updates
Subscribe To Our Newsletter
No spam, notifications only about new products, updates.
MOST POPULAR

Why still pay for Data Center SSO? Curated FAQs from over a dozen trainings

Over the last two months, our Co-CEO Christian Reichert went on a virtual tour to...

Read More

7 Benefits of Publishing HubSpot CRM Data in Confluence

HubSpot is a powerful source of information for the people who make decisions in your...

Read More

The 5 most exciting Confluence apps for marketing teams

There are many ways for Marketing teams to upgrade their Confluence experience and enjoy whiteboards,...

Read More

New User Sync integration with Linchpin User Profiles

Linchpin User Profiles are an essential piece of the Linchpin Intranet Suite, with hundreds and...

Read More
Categories
Tags
Read our recent posts
Hubspot CRM for Confluence macro
7 Benefits of Publishing HubSpot CRM Data in Confluence

HubSpot is a powerful source of information for the people who make decisions in your organization. But it’s not always...

Read More
The 5 most exciting Confluence apps for marketing teams

There are many ways for Marketing teams to upgrade their Confluence experience and enjoy whiteboards, calendars, planning, and budgets directly...

Read More
idp - usersync - linchpin
New User Sync integration with Linchpin User Profiles

Linchpin User Profiles are an essential piece of the Linchpin Intranet Suite, with hundreds and hundreds of Confluence customers. Adding...

Read More