Working with JIT provisioning

JIT user provisioning

On this page

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Always make a backup before installing, upgrading, or performing any kind of transformative operation to your instance.

Just-in-time user provisioning (JIT provisioning) allows users to be created and updated automatically when they log in through SAML SSO or OpenID Connect (OIDC) SSO to Atlassian Data Center applications such as Jira, Confluence, or Bitbucket.

JIT provisioning is a part of the SSO for Atlassian Data Center app. You can download the app from the Atlassian Marketplace

Installing

Install the app by uploading the JAR to your Atlassian Data Center product. 

  1. Download the SSO for Atlassian Data Center JAR from the Atlassian Marketplace

  2. In your Atlassian product, go to Administration Manage apps > Manage apps.

  3. Select Upload app.

  4. From your computer, choose the JAR file for the JIT provisioning app.

  5. Select Upload.

    The app should now appear as enabled in the list of user-installed apps.

Configuring

  1. In your Atlassian Data Center product, go to SSO 2.0 configuration:

    • For Jira applications, go to Administration  > System > SSO 2.0 Authentication
    • For Confluence, go to Administration  > General Configuration > SSO 2.0
    • For Bitbucket, go to Administration  > Accounts > SSO 2.0 Authentication

  2. Set the authentication method to SAML or OpenID Connect.

  3. Make sure the Username mapping field is filled correctly.
    This field affect how JIT provisioning functions. For more information, see Configuring the username mapping field.

  4. Check Create users on login to the application.

  5. Configure your user data mappings.

    For more information on how to configure these fields, see: JIT user provisioning

  6. Select Save configuration.

    Your JIT app is now configured. To test your configuration, see JIT Provisioning - How to test your attribute mappings.

Upgrading

To upgrade, follow the same steps as listed above for installing the app

Disabling

  1. Clear Create users on login to the application.

  2. Select Save configuration.

Finding JIT provisioned users

If you need to a list of of users which were provisioned just-in-time, there are two ways to find out:

  • HTTP request

When logged in as a system administrator, send a GET request to: 

https://<product-base-url>/rest/authconfig/latest/jit-users


  • SQL query

Download and run the following query against your product:
list_jit_provisioned_users.sql

Last modified on Feb 15, 2024

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.