Manage users between cloud and Data Center products
Having a single place for managing users is important if your teams work across Atlassian cloud and Data Center products. Regardless of the deployment type, you can manage and share the same user base between any Atlassian products. We’ll show you some scenarios that make it possible.
Use this page when:
You need a central place to manage users between cloud and Data Center products
You’re migrating to cloud but your teams still need access to Data Center products
Additional products you’ll need
Because of the differences between cloud and Data Center, you’ll need the following products in your environment:
Cloud IdP: Atlassian cloud products integrate with a cloud IdP, which then syncs with your external directory (if you have one). You’ll need a cloud IdP to either sync with an external directory, or manage your users.
Atlassian Access: Access allows you to manage all of your cloud users in the same place, and is required to connect your cloud products to a cloud IdP. Learn more about Access
User management configurations that allow sharing users
Here are the two main configurations we’ve identified:
Scenario 1. Managing users in an external directory synced with a cloud IdP RECOMMENDED
In this configuration, you have:
External user directory, like LDAP or active directory
Cloud IdP, like Okta or AzureAD
Any Data Center product (you can additionally use Crowd, but it’s not required)
Any cloud product with a subscription for Atlassian Access
Here’s what a sample configuration can look like and how users are synced:
In this configuration, you manage users in your external directory. Additionally, the following features are available:
| Feature | Status | Details |
|---|---|---|
| Shared user base |
|
|
| Nested groups |
|
|
| Single sign-on |
| It’s supported via SAML. |
| Multiple IdPs |
| Atlassian Access doesn’t support multiple IdPs yet (check public roadmap). They’re supported in Data Center, but since you need to have a common one between your products, you’ll need to pick just one. |
| Two-factor authentication |
| It can be enabled in your cloud IdP. |
| User provisioning |
| Check the mechanisms supported for this scenario: |
Scenario 2. Managing users only in a cloud IdP
In this configuration, you have:
Cloud IdP, like Okta or AzureAD
Any Data Center product
Any cloud product with a subscription for Atlassian Access
Here’s what a sample configuration can look like and how users are synced:
In this configuration, you manage users in your IdP. Additionally, the following features are available:
| Feature | Status | Details |
|---|---|---|
| Shared user base |
|
|
| Nested groups |
|
|
| Single sign-on |
| It’s supported via SAML. |
| Multiple IdPs |
| Atlassian Access doesn’t support multiple IdPs yet (check public roadmap). They’re supported in Data Center, but since you need to have a common one between your products, you’ll need to pick just one. |
| Two-factor authentication |
| It can be enabled in your cloud IdP. |
| User provisioning |
| Check the mechanisms supported for this scenario: |