Page cover image

๐Ÿ‘”Policy

An authentication policy allows you to specify authentication settings for different sets of users and configurations in your organization. It verifies that users who access your Atlassian organization are who they claim to be.

  1. Default policy โ€“ We automatically add new members to a default policy in your local or identity provider directory.

  2. Non-billable - Create a non-billable policy when you donโ€™t want to pay for certain users. You can only set a non-billable policy as the default policy in the local directory.

  3. Local directory - Contains members youโ€™re not managing in your identity provider. You invite them or they sign up themselves.

  4. Two-step verification โ€“ Require a second step when logging in or make it optional for members.

  5. Third-party login โ€“ Allow or block logins from third-party accounts.

  6. Password requirements โ€“ Track minimum password strength and expiration.

  7. Idle session duration โ€“ Track how long members can be inactive before logging them out.

  8. Members โ€“ Shows the number of members in a policy. Add or move members from one policy to another policy.

  9. Single sign-on (SSO) โ€“ Track when you enforce login to Atlassian through SAML or Google Workspace SSO. You can only enforce SSO in an identity provider directory.

  10. Identity provider directory - Contains members you sync or authenticate through your identity provider. You can add and move members between authentication policies.

Get list of policies

GET /admin/v1/orgs/{orgId}/policies

Returns information about org policies.

package main

import (
	"context"
	"github.com/ctreminiom/go-atlassian/admin"
	"github.com/ctreminiom/go-atlassian/pkg/infra/models"
	"log"
	"net/url"
	"os"
)

func main() {

	//ATLASSIAN_ADMIN_TOKEN
	var apiKey = os.Getenv("ATLASSIAN_ADMIN_TOKEN")

	cloudAdmin, err := admin.New(nil)
	if err != nil {
		log.Fatal(err)
	}

	cloudAdmin.Auth.SetBearerToken(apiKey)
	cloudAdmin.Auth.SetUserAgent("curl/7.54.0")

	var (
		organizationID = "9a1jj823-jac8-123d-jj01-63315k059cb2"
		policyType     = ""
		policyChunks   []*models.OrganizationPolicyPageScheme
		cursor         string
	)

	for {

		policies, response, err := cloudAdmin.Organization.Policy.Gets(context.Background(), organizationID, policyType, cursor)
		if err != nil {
			if response != nil {
				log.Println("Response HTTP Response", response.Bytes.String())
			}
			log.Fatal(err)
		}

		log.Println("Response HTTP Code", response.Code)
		log.Println("HTTP Endpoint Used", response.Endpoint)
		policyChunks = append(policyChunks, policies)

		if len(policies.Links.Next) == 0 {
			break
		}

		//extract the next cursor pagination
		nextAsURL, err := url.Parse(policies.Links.Next)
		if err != nil {
			log.Fatal(err)
		}

		cursor = nextAsURL.Query().Get("cursor")
	}

	for _, chunk := range policyChunks {

		for _, policy := range chunk.Data {

			log.Println(policy.ID, policy.Type, policy.Attributes.Status)
		}
	}
}

Create a policy

POST /admin/v1/orgs/{orgId}/policies

Create a policy for an org

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"github.com/ctreminiom/go-atlassian/admin"
	"github.com/ctreminiom/go-atlassian/pkg/infra/models"
	"log"
	"os"
)

func main() {

	//ATLASSIAN_ADMIN_TOKEN
	var apiKey = os.Getenv("ATLASSIAN_ADMIN_TOKEN")

	cloudAdmin, err := admin.New(nil)
	if err != nil {
		log.Fatal(err)
	}

	cloudAdmin.Auth.SetBearerToken(apiKey)
	cloudAdmin.Auth.SetUserAgent("curl/7.54.0")

	payload := &models.OrganizationPolicyData{
		Type: "policy",
		Attributes: &models.OrganizationPolicyAttributes{
			Type:   "data-residency", //ip-allowlist
			Name:   "SCIMUserNameScheme of this Policy",
			Status: "enabled", //disabled
		},
	}

	var organizationID = "9a1jj823-jac8-123d-jj01-63315k059cb2"

	newPolicy, response, err := cloudAdmin.Organization.Policy.Create(context.Background(), organizationID, payload)
	if err != nil {
		if response != nil {
			log.Println("Response HTTP Response", response.Bytes.String())
		}
		log.Fatal(err)
	}

	log.Println("Response HTTP Code", response.Code)
	log.Println("HTTP Endpoint Used", response.Endpoint)

	policyAsJSONKeys, err := json.MarshalIndent(newPolicy, "", "  ")
	if err != nil {
		log.Fatal(err)
	}

	fmt.Printf("MarshalIndent Struct keys output\n %s\n", string(policyAsJSONKeys))
	fmt.Println(payload)
}

Get a policy by ID

GET /admin/v1/orgs/{orgId}/policies/{policyId}

Returns information about a single policy by ID

package main

import (
   "context"
   "github.com/ctreminiom/go-atlassian/admin"
   "log"
   "os"
)

func main() {

   //ATLASSIAN_ADMIN_TOKEN
   var apiKey = os.Getenv("ATLASSIAN_ADMIN_TOKEN")

   cloudAdmin, err := admin.New(nil)
   if err != nil {
      log.Fatal(err)
   }

   cloudAdmin.Auth.SetBearerToken(apiKey)
   cloudAdmin.Auth.SetUserAgent("curl/7.54.0")

   var (
      organizationID = "9a1jj823-jac8-123d-jj01-63315k059cb2"
      policyID       = "60f0f660-be3e-4d70-bd34-9c2858ec040f"
   )

   policy, response, err := cloudAdmin.Organization.Policy.Get(context.Background(), organizationID, policyID)
   if err != nil {
      if response != nil {
         log.Println("Response HTTP Response", string(response.BodyAsBytes))
      }
      log.Fatal(err)
   }

   log.Println("Response HTTP Code", response.StatusCode)
   log.Println("HTTP Endpoint Used", response.Endpoint)

   log.Println(policy.Data.Type, policy.Data.ID, policy.Data.Attributes)

}

Update a policy

PUT /admin/v1/orgs/{orgId}/policies/{policyId}

Update a policy for an org

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"github.com/ctreminiom/go-atlassian/admin"
	"github.com/ctreminiom/go-atlassian/pkg/infra/models"
	"log"
	"os"
)

func main() {

	//ATLASSIAN_ADMIN_TOKEN
	var apiKey = os.Getenv("ATLASSIAN_ADMIN_TOKEN")

	cloudAdmin, err := admin.New(nil)
	if err != nil {
		log.Fatal(err)
	}

	cloudAdmin.Auth.SetBearerToken(apiKey)
	cloudAdmin.Auth.SetUserAgent("curl/7.54.0")

	payload := &models.OrganizationPolicyData{
		Type: "policy",
		Attributes: &models.OrganizationPolicyAttributes{
			Status: "disabled", //disabled
		},
	}

	var (
		organizationID = "9a1jj823-jac8-123d-jj01-63315k059cb2"
		policyID       = "eaffa6f0-eb42-4b09-b2fb-0c7932187783"
	)

	policy, response, err := cloudAdmin.Organization.Policy.Update(context.Background(), organizationID, policyID, payload)
	if err != nil {
		if response != nil {
			log.Println("Response HTTP Response", response.Bytes.String())
		}
		log.Fatal(err)
	}

	log.Println("Response HTTP Code", response.Code)
	log.Println("HTTP Endpoint Used", response.Endpoint)

	policyAsJSONKeys, err := json.MarshalIndent(policy, "", "  ")
	if err != nil {
		log.Fatal(err)
	}

	fmt.Printf("MarshalIndent Struct keys output\n %s\n", string(policyAsJSONKeys))
}

Delete a policy

DELETE /admin/v1/orgs/{orgId}/policies/{policyId}

Delete a policy for an org

package main

import (
   "context"
   "github.com/ctreminiom/go-atlassian/admin"
   "log"
   "os"
)

func main() {

   //ATLASSIAN_ADMIN_TOKEN
   var apiKey = os.Getenv("ATLASSIAN_ADMIN_TOKEN")

   cloudAdmin, err := admin.New(nil)
   if err != nil {
      log.Fatal(err)
   }

   cloudAdmin.Auth.SetBearerToken(apiKey)
   cloudAdmin.Auth.SetUserAgent("curl/7.54.0")

   var (
      organizationID = "9a1jj823-jac8-123d-jj01-63315k059cb2"
      policyID       = "eaffa6f0-eb42-4b09-b2fb-0c7932187783"
   )

   response, err := cloudAdmin.Organization.Policy.Delete(context.Background(), organizationID, policyID)
   if err != nil {
      if response != nil {
         log.Println("Response HTTP Response", string(response.BodyAsBytes))
      }
      log.Fatal(err)
   }

   log.Println("Response HTTP Code", response.StatusCode)
   log.Println("HTTP Endpoint Used", response.Endpoint)

}

Last updated

Was this helpful?