Linchpin User Profiles are an essential piece of the Linchpin Intranet Suite, with hundreds and hundreds of Confluence customers. Adding cloud Identity Providers as a source of data is now possible with User Sync.
The holy grail of centralized user identity
Centralized user identities are gradually entering the mainstream. Both IT teams and users love this trend. Instead of being scattered across multiple services and tools, employees enjoy a single account with centralized roles across all company applications.
The story doesn’t end on how users access applications. It expands to how information about users travels with them. Projects, teams, roles, permissions, managers. Information hosted in a cloud Identity Provider like Azure AD (Entra) or Okta should propagate automatically to all connected applications, from the payroll tool to Confluence.
In the real world, however, things are not that simple. Sending information to Confluence Server and Data Center and making it accessible to other users requires a very specific configuration.
The challenge of populating Confluence user profiles
A Confluence administrator who wants to populate user profiles should be able to answer three questions about user data:
- How will user data be sent to Confluence? Traditionally, you would do an LDAP sync between Confluence and the Active Directory. But any company that moves to the cloud will break its LDAP connection, needing to look at other options, like SAML or REST requests.
- Where will it be stored? Confluence user profiles are the standard answer. This could be enough if everything can be stored in the available fields: Full Name, Email, Phone, IM (Instant Messenger details), Website, About Me, Position, Department, Location. But if you need to store managers or skills, you will need to look at other options like Linchpin User Profiles, with support for any number of additional fields.
- How will it be used and displayed? Most companies give unrestricted access to user profiles as reference material on a need basis. Other orgs hide the info, which is then used to build workflows and automations.
User Sync and Linchpin User Profiles: Real-time information for mass consumption
User profiles are only as good as your data. The new integration between resolution’s User Sync and Linchpin User Profiles ensures that you can send your best data and publish it on Confluence:
- User Sync hooks to any cloud identity provider with a public API and updates user attributes
- Linchpin User Profiles for Confluence gives you limitless possibilities for storing user information
Advantages of combining User Sync with Linchpin User Profiles:
- REST API integration. Replace the LDAP Sync with a REST API Sync. Keep the concept and update the technology!
- Real time information. the integration works automatically once set up. Users will have the most current data. Admins can work on something else.
- Forget about exports. This means that you can deprecate manual processes like exporting and importing information on an XML file.
- No in-house development. Building a custom script to connect the IdP to Confluence is probably not worth the effort. Particularly once you factor in maintenance and the security features required to handle personal data.
- Out of the box connectors with the most common Identity providers: Azure AD (Entra), Okta, Google Workforce (formerly known as GSuite), or OneLogin.
- Custom connectors with Groovy scripts (on demand). When customers request an integration to an additional source of identity, we only have to take the requirements and write some lines of code.
- Eliminate manual input. Stop sending reminders to your users about keeping their Confluence user profiles up to date.
- Use all the data you want. Forget about the many restrictions you were used to. Send and store any number of user attributes (160 group memberships? Three lines of managers? Why not?).
How does the User Sync- User Profiles integration work?
The example: Populating a manager field in Confluence from Azure AD (Entra)
Let’s look at a real world example.
We want to publish information about each user’s manager in the Linchpin User profiles. Information about managers and supervisors is a classic gap in native Confluence user profiles. It’s also quite annoying to maintain with user input: managers change all the time with promotions, leaves and reorganizations. And we know that a lot of companies, including some of our customers, use that information to automate the maintenance of approval processes.
In the screenshot below you can see that admin’s profile already has a Manager field. Sadly, it’s empty. But the company stores the information in Azure AD (Entra)!
Goal: Populate the Manager field in User Profiles with information stored on Azure AD (Entra).
Source: User Sync Connector for Azure AD (Entra)
Prerequisites:
- Confluence instance in Server or Data Center
- Linchpin User Profiles (standalone), Linchpin Essentials or any other Linchpin implementation that includes User Profiles.
- resolution’s User Sync for Confluence or SAML SSO for Confluence (includes User Sync)
- User Sync Connector for Azure AD (Entra) (see the full setup guide)
If you prefer to dive directly into the setup, have a look at our full documentation on syncing attributes to Linchpin.
Step 1: Manage the field in Linchpin User Profile
- In this case, the field already exists. If you want to create the new field from scratch, have a look at this First Steps guide
- Set the right data source: IdP
This selection will make the Superior field available in the User Sync configuration.
Step 2: Map the Linchpin field to Azure AD (Entra)
- In Confluence, go to User Management > User Sync,
- Edit the Azure AD (Entra) Connector that you want to map to Linchpin
- Click on the Provisioning Settings tab
- Click on Add New Attribute Mapping and scroll to the bottom
- There, you will see all the Linchpin user profiles fields configured with IdP as a source. Select Manager
- On the popup, select the source Azure AD (Entra) field, then hit apply
As a result, you will see the manager field in the attribute mapping table
Step 3: Run the sync
Afterwards, you should test that everything’s working properly. To do that, you can run the sync manually on a single test user. You can do this easily from the connector list.
After the sync, you should see that the Manager field has already been updated!
Conclusion
Digital identities are constantly changing. The integration between User Sync and Linchpin User Profiles creates a seamless flow between cloud Identity Providers and Atlassian on-premise applications that will satisfy everyone. Users will be freed from entering data on their profiles. The IT team will reduce the amount of manual work. And the entire organization will benefit from capturing the true state of everyone’s fluid, interconnected, constantly changing data.
Linchpin customers can forget about cumbersome data migration processes and reap the same benefits of an LDAP sync on a cloud integration.
SAML SSO and User Sync customers who can already transmit all their data to Confluence also have the right platform built on top of Confluence to publish that data and make it available to every user.
About the products
About User Sync
User Sync is the smartest way to automate user lifecycle management in the Atlassian stack. Integrate cloud user directories and create users, update permissions and deactivate users without manual work.
Resolution’s User Sync can be bought as a standalone app, but most customers use it as an essential component of our SAML SSO app, where it provides an advanced alternative to Just in Time user provisioning.
Find it in the Marketplace
About Linchpin User Profiles
Linchpin provides a centralized information and collaboration platform with an open and transparent teamwork environment. Linchpin connects employees, no matter their time or location. Everyone has a personalized user-experience tailored only to them.
Linchpin User Profiles is included in Linchpin Essentials and the Linchpin Intranet Suite, but can also be purchased separately.
Find it in the Marketplace