Manage users between cloud and Data Center products

Having a single place for managing users is important if your teams work across Atlassian cloud and Data Center products. Regardless of the deployment type, you can manage and share the same user base between any Atlassian products. We’ll show you some scenarios that make it possible.

Use this page when:

  • You need a central place to manage users between cloud and Data Center products

  • You’re migrating to cloud but your teams still need access to Data Center products

Additional products you’ll need

Because of the differences between cloud and Data Center, you’ll need the following products in your environment:

  • Cloud IdP: Atlassian cloud products integrate with a cloud IdP, which then syncs with your external directory (if you have one). You’ll need a cloud IdP to either sync with an external directory or manage your users.

  • Atlassian Guard: Guard allows you to manage all of your cloud users in the same place, and is required to connect your cloud products to a cloud IdP. Learn more about Atlassian Guard

User management configurations that allow sharing users

Here are the two main configurations we’ve identified:

Scenario 1. Managing users in an external directory synced with a cloud IdP RECOMMENDED

In this configuration, you have:

  • External user directory like LDAP or active directory

  • Cloud IdP like Okta or Azure AD

  • Any Data Center product (you can additionally use Crowd, but it’s not required)

  • Any cloud product with a subscription for Atlassian Guard

Here’s what a sample configuration can look like and how users are synced:

In this configuration, you manage users in your external directory. Additionally, the following features are available:

FeatureStatusDetails
Shared user base

(tick)

  • Cloud syncs users from the cloud IdP via SCIM.

  • Data Center integrates directly with your external directory.

Nested groups

(warning)

  • Cloud doesn't support nested groups, so you'll either need to flatten them at the IdP level or use one of our custom integrations that provide flattening. Learn how different IdPs support flattening
  • Data Center supports nested groups.

Single sign-on

(tick)

It’s supported via SAML.

Providers supported in Cloud
  • ADFS

  • Azure AD

  • Okta

  • OneLogin

  • Ping Identity

  • Idaptive

  • Auth0

  • Google Workspace

Providers supported in Data Center
  • AFDS 3.0
  • Azure AD
  • Okta
  • OneLogin
  • Ping Identity
  • Bitium
Multiple IdPs

(tick)

Atlassian Guard supports adding multiple identity providers if you're on an Enterprise plan. Learn more about adding IdPs

Two-factor authentication

(tick)

It can be enabled in your cloud IdP.

User provisioning

(tick)

Check the mechanisms supported for this scenario:

User provisioning in Cloud
  • SCIM from cloud IDPs
  • ADFS integration
  • GSync
  • SAML Just In Time provisioning
User provisioning in Data Center
  • LDAP/AD
  • SAML / OIDC Just In Time provisioning

Scenario 2. Managing users only in a cloud IdP

In this configuration, you have:

  • Cloud IdP, like Okta or AzureAD

  • Any Data Center product

  • Any cloud product with a subscription for Atlassian Guard

Here’s what a sample configuration can look like and how users are synced:

In this configuration, you manage users in your IdP. Additionally, the following features are available:

FeatureStatusDetails
Shared user base

(warning)

  • Cloud syncs users from the cloud IdP via SCIM.

  • Data Center can be connected to the cloud IdP, but users will be provisioned and updated only on login. Regular syncing and de-provisioning aren’t available.

Nested groups

(warning)

  • Cloud doesn't support nested groups, so you'll either need to flatten them at the IdP level or use one of our custom integrations that provide flattening. Learn how different IdPs support flattening
  • Data Center supports nested groups.

Single sign-on

(tick)

It’s supported via SAML.

Providers supported in Cloud
  • ADFS

  • Azure AD

  • Okta

  • OneLogin

  • Ping Identity

  • Idaptive

  • Auth0

  • Google Workspace

Providers supported in Data Center
  • AFDS 3.0
  • Azure AD
  • Okta
  • OneLogin
  • Ping Identity
  • Bitium
Multiple IdPs

(tick)

Atlassian Guard supports adding multiple identity providers if you're on an Enterprise plan. Learn more about adding IdPs
Two-factor authentication

(tick)

It can be enabled in your cloud IdP.

User provisioning

(tick)

Check the mechanisms supported for this scenario:

User provisioning in Cloud
  • SCIM from cloud IDPs
  • ADFS integration
  • GSync
  • SAML Just In Time provisioning
User provisioning in Data Center
  • SAML / OIDC Just In Time provisioning
Last modified on Jan 2, 2025

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.