Working with JIT provisioning

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Always make a backup before installing, upgrading, or performing any kind of transformative operation to your instance.

Just-in-time user provisioning (JIT provisioning) allows users to be created and updated automatically when they log in through SAML SSO or OpenID Connect (OIDC) SSO to Atlassian Data Center applications such as Jira, Confluence, or Bitbucket.

JIT provisioning is a part of the SSO for Atlassian Server and Data Center app. You can download the app from the Atlassian Marketplace


Install the app by uploading the JAR to your Atlassian Data Center product. 

  1. Download the SSO for Atlassian Server and Data Center JAR from the Atlassian Marketplace

  2. In your Atlassian product, go to Administration > Manage apps > Manage apps.

  3. Click Upload app.

  4. From your computer, choose the JAR file for the JIT provisioning app.

  5. Click Upload.

    The app should now appear as enabled in the list of user-installed apps.


  1. In your Atlassian Data Center product, go to SSO 2.0 configuration:

    • For Jira applications, go to Administration  > System > SSO 2.0 Authentication
    • For Confluence, go to Administration  > General Configuration > SSO 2.0
    • For Bitbucket, go to Administration  > Accounts > SSO 2.0 Authentication
  2. Set the authentication method to SAML or OpenID Connect.

  3. Make sure the Username mapping field is filled correctly.
    This field affect how JIT provisioning functions. For more information, see Configuring the username mapping field.

  4. Check Create users on login to the application.

  5. Configure your user data mappings.

    For more information on how to configure these fields, see: JIT user provisioning

  6. Click Save configuration.

    Your JIT app is now configured. To test your configuration, see JIT Provisioning - How to test your attribute mappings.


To upgrade, follow the same steps as listed above for installing the app


  1. Clear Create users on login to the application.

  2. Click Save configuration.

Finding JIT provisioned users

If you need to a list of of users which were provisioned just-in-time, there are two ways to find out:

  • HTTP request

When logged in as a system administrator, send a GET request to: 


  • SQL query

Download and run the following query against your product:

Last modified on Jul 3, 2020

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.