LogoLogo
  • ๐Ÿ“‘Introduction
  • ๐Ÿ› ๏ธCookbooks
    • โฑ๏ธExport Issue History
    • ๐Ÿ‘พCreate Jira Issue
    • ๐ŸงฉExtract customfields from issue(s)
    • ๐ŸŒ„Upload Content Attachment
    • ๐ŸšฎCreate Jira ITSM Request
    • ๐ŸšœEdit Jira Issue (Explicit)
    • ๐Ÿš›Edit Jira Issue (Implicit)
    • ๐ŸšŽCreate Jira Workflow
    • ๐Ÿ—ƒ๏ธAdd CustomField to Screen
    • ๐ŸšŸSearch Project Boards
    • ๐Ÿ“…Get User Last-Login Info
    • ๐Ÿค’Remove User Access
    • ๐ŸคฏSuspend User Access
    • ๐ŸฅณRestore User Access
    • ๐Ÿš‹Extract Project Administrators
    • ๐ŸงบSearch Jira User By Email
    • ๐ŸšžSearch Contents By CQL
    • ๐ŸŒŠCascade Permissions from Parent to Child
    • ๐ŸŽญPage Permission Helper
    • ๐Ÿค–Atlassian SCIM Onboarding
    • ๐Ÿ˜ƒCreate User via SCIM
    • ๐Ÿ›ฐ๏ธIssue Permission Helper
  • Jira Software Cloud
    • ๐Ÿ—ƒ๏ธIntroduction
    • ๐Ÿ“ฎAnnouncement Banner
    • ๐Ÿ”Application Roles
    • ๐Ÿ›ก๏ธ Audit records
    • ๐Ÿ“ˆDashboards
    • ๐Ÿ—„๏ธFilters
      • ๐ŸคSharing
    • ๐Ÿ‘ซGroups
    • ๐ŸžIssues
      • ๐Ÿ“ŽAttachments
      • ๐Ÿ“ฌComments
      • ๐ŸƒFields
        • ๐Ÿ–ผ๏ธConfiguration
          • ๐ŸคItems
          • ๐Ÿ”ƒSchemes
        • ๐ŸณContext
          • ๐Ÿ•งOption
        • ๐Ÿ—‘๏ธTrash
      • ๐Ÿท๏ธ Labels
      • ๐Ÿ”—Link
        • ๐Ÿ”ƒRemote
        • ๐Ÿ–‡๏ธTypes
      • ๐Ÿš›Metadata
      • ๐ŸฃPriorities
      • ๐Ÿ€Resolutions
      • ๐Ÿ“ŒSearch
      • ๐Ÿ“ฆType
        • ๐ŸŽดScheme
        • ๐Ÿ›…Screen Scheme
      • ๐Ÿ“ Vote
      • ๐ŸŽฏWatcher
      • ๐Ÿ•ฐ๏ธWorklogs
      • ๐Ÿ“คProperties
      • ๐Ÿ“ญArchiving
    • ๐Ÿ”“Permissions
      • ๐Ÿ“œScheme
        • ๐Ÿ”‘Grant
    • ๐Ÿ“šProjects
      • ๐ŸงฉCategories
      • ๐Ÿ”ฎComponents
      • ๐ŸšงPermission Schemes
      • ๐Ÿ“ฌNotification Schemes
      • ๐Ÿ’ผRoles
        • ๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘งActors
      • ๐ŸงตTypes
      • ๐ŸงฑVersions
      • ๐Ÿช”Validation
      • ๐Ÿ™ŒFeatures
      • ๐Ÿ“คProperties
    • ๐Ÿ““Screens
      • ๐Ÿ“‚Tabs
        • ๐ŸงฐFields
      • ๐Ÿ“ Schemes
    • โš™๏ธServer
    • ๐Ÿ”ฉJQL
    • โš—๏ธTasks
    • ๐Ÿค“Users
      • ๐Ÿ“ Search
    • ๐Ÿ–จ๏ธWorkflow
      • ๐Ÿš›Scheme
        • ๐Ÿ“ฏIssue Type
      • ๐Ÿ—บ๏ธStatus
    • โš–๏ธMyself
    • ๐Ÿ“Teams
  • Jira Agile
    • ๐Ÿœ๏ธIntroduction
    • ๐Ÿ“‰Boards
      • ๐Ÿ“ƒBacklog
    • ๐Ÿ—“๏ธSprints
    • ๐Ÿ“ˆEpics
  • Jira Service Management
    • ๐Ÿ—บ๏ธIntroduction
    • ๐Ÿ‘จโ€โš–๏ธCustomer
    • โ„น๏ธInfo
    • ๐Ÿ“šKnowledgebase
    • ๐Ÿ›‚Organization
    • ๐Ÿ“™Request
      • ๐ŸšซApproval
      • ๐Ÿ“‚Attachments
      • ๐Ÿ“ฌComments
      • ๐Ÿ“ฎFeedback
      • ๐Ÿ‘ฅParticipants
      • โฐSLA
      • ๐Ÿ’พTypes
      • โš™๏ธService Desk
        • ๐Ÿ›Ž๏ธQueue
    • ๐Ÿ“™Workspaces
  • Jira Assets
    • ๐Ÿ“ Introduction
    • ๐Ÿ‘พIcons
    • ๐Ÿ”ŽAql
    • ๐Ÿ›๏ธObject
      • ๐Ÿ“ Schema
      • ๐ŸงฐType
        • ๐Ÿ›Ž๏ธAttribute
  • Confluence Cloud
    • ๐ŸŽ‘Introduction
    • ๐Ÿ“‰Analytics
    • ๐Ÿ“ขContent
      • ๐ŸŽฎProperties
      • ๐Ÿ“‚Attachments
      • ๐Ÿ“ฌComments
      • ๐ŸšฉLabels
      • ๐ŸŽŽChildren/Descendants
      • ๐Ÿ›ก๏ธPermissions
      • ๐Ÿ”žRestrictions
        • ๐ŸŽ‘Operations
          • ๐Ÿซ‚Group
          • ๐Ÿ‘คUser
      • ๐Ÿ”ƒVersions
    • ๐Ÿ’พSpace
      • ๐Ÿ›ก๏ธPermissions
    • ๐Ÿ”ฐLabel
    • ๐Ÿ”ŽSearch
    • ๐Ÿ–ผ๏ธLong Task
    • ๐Ÿ—ƒ๏ธTemplate
    • ๐ŸŒŠV2
      • ๐Ÿ”๏ธIntroduction
      • ๐ŸงบAttachments
        • ๐Ÿ’ปVersions
      • ๐Ÿ“ƒPage
      • ๐ŸชŸSpace
      • ๐Ÿ—ƒ๏ธCustom Content
  • Atlassian Admin Cloud
    • ๐ŸŒŒIntroduction
    • โ„น๏ธOrganization
      • ๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆDirectory
      • ๐Ÿ‘”Policy
    • ๐Ÿ‘ฅUser
      • ๐Ÿ”“Token
    • ๐ŸงฐSCIM
      • ๐Ÿง™โ€โ™‚๏ธUsers
      • โ›น๏ธโ€โ™‚๏ธGroups
      • ๐Ÿ”ฉSchemas
  • Bitbucket Cloud
    • ๐Ÿ‘จโ€๐Ÿ’ปIntroduction
    • ๐Ÿ“ฐWorkspace
      • ๐Ÿ›ก๏ธPermissions
      • ๐Ÿ’พWebhooks
Powered by GitBook
On this page
  • Authentication and authorization
  • User limitations
  • Group limitations

Was this helpful?

Export as PDF
  1. Atlassian Admin Cloud

SCIM

PreviousTokenNextUsers

Last updated 1 year ago

Was this helpful?

The user provisioning REST API manages an integration between an external user directory and your Atlassian cloud products so you can automatically update the users and groups in your Atlassian organization when you make updates in your identity provider (IdP).

For example, with user provisioning, you can create, link, and deactivate managed Atlassian user accounts from your IdP. We support user provisioning using the System for Cross-domain Identity Management (SCIM) protocol version 2.0

Authentication and authorization

To manage users and groups with the user provisioning REST API, you need an API key separate from your Cloud admin API key. This key gives full administrative access to your organization's directory, allowing the API client to create and update user attributes and change user group membership.

Once you have your API key, you can provide it as a bearer token in the Authorization part of your HTTPS header. If you need to "rotate" or regenerate an API key, use the following steps:

  • Click Directory, then click User provisioning.

  • Click the Directory tab, then click the Regenerate API key button and click Regenerate key.

Copy the organization ID and the API key to a safe place. Once you close the API key information screen, we won't show you this information again.

User limitations

  • A user account only can only be created if it has an email address on a domain you have verified.

  • Deleting a user account via the user provisioning API is not supported. The DELETE operation deactivates the user account, which is the same as setting the active flag to false.

  • There is a 5000-user limit per directory. This limit is enforced for compatibility with products that have an upper bound for total supported users.

Group limitations

  • When you sync a group that has the same name as an existing group in the organization, the group sync fails with a 409 (conflict) error.

  • If the API creates a group in the organization's directory that has the same name of a site's group (e.g. confluence-users), the API successfully creates the group in the directory but fails to propagate the group to the organization's sites. You'll see this event in the audit log.

  • Changing group names isn't supported. Renaming groups after they've synced to your Atlassian organization isn't supported in this release of User Provisioning API. This is because some parts of the products rely on group names and changing the group name would result in users not being able to interact with the products correctly. To rename a group, create a new group with the desired name, update membership, and then delete the old group.

Go to and click your organization.

admin.atlassian.com
๐Ÿงฐ
Page cover image