Despite what feels like continuous efforts to standardize, enterprises are splintered by their very nature. Teams move at different speeds, and are often siloed with their own unique processes and specialized products that don’t easily integrate with your enterprise tech stack. Some of these disparate ways of working are not only inevitable, but necessary to improve team cohesion and ultimately team performance.

There’s a natural tension between making teams more efficient and continuing to support the autonomy that allows them to be effective. This means enterprise-scale standardization can be a major challenge, but with the value of identity providers (IdPs), establishing a single source of truth for user management across the enterprise feels relatively attainable. So why is it still so difficult?

Establishing a single source of truth for identity management

When certain products in your tech stack don’t provide on-demand provisioning, the identity management flow buckles and bottlenecks. Not only are you left having to manually provision new users with access to the products they need, but there’s more potential for users to be provisioned incorrectly. Or there’s the option to seek out a third-party solution to mitigate the problem, but this often leads to additional cost, maintenance, and even security issues. It’s for these reasons and more that we’ve built just-in-time (JIT) provisioning for Atlassian Data Center products, available in the following product versions:

  • Jira Software Data Center 8.11
  • Jira Service Management Data Center 4.11
  • Confluence Data Center 7.7
  • Bitbucket Data Center 7.5 (Coming soon)

Just-in-time provisioning enables Atlassian applications to better integrate with your identity provider (IdP) of choice, as users are created and updated dynamically when they log in, based on Security Assertion Markup Language (SAML) or OpenID Connect (OIDC) assertions sent by the IdP. This eliminates the need to create user accounts in advance. For example, let’s say you recently added an employee to your organization. Without JIT provisioning, you would need to also manually add that user in Jira, Confluence, and so on. With JIT provisioning enabled, a new user can use SAML or OIDC single sign-on (SSO) to log in for the first time, and they will be automatically added to the products they need to hit the ground running.

Automate your JIT provisioning process and enable efficiency

The process of manually provisioning users is both time-intensive and prone to human error, especially for an organization that’s growing fast. When users are joining various areas of the business on a daily basis, this can take up a huge chunk of your time, and that’s not considering the more frequent re-organization of teams and processes in the enterprise environment. Just-in-time provisioning uses automation to ensure that your products are in line with the rest of your tech stack, winning you valuable time back and giving you the peace of mind that work isn’t slowing down. Handing this process off to machine learning allows admins – as well as the product users – to be more efficient, since you’re spending less time addressing and solving access issues and more time getting work done.

Here’s how it works: JIT provisioning extends the SAML or OIDC protocol to pass user attributes from your central IdP to our apps. You create users and authorize their app access in the central directory only, rather than also creating a corresponding account for each user in the given Atlassian apps. Instead, users trigger the creation of those accounts automatically the first time they log in to an app. Before JIT, this kind of automation was not possible, and each account required manual creation by an IT admin or manager.
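To make the flow concrete, here is an added sketch (not Atlassian’s code) of the create-or-update step a service provider runs after it has validated the assertion. The attribute names, the in-memory directory, and the policy of replacing group memberships on each login are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical mapping from IdP attribute names to local user fields.
ATTR_MAP = {"username": "uid", "display_name": "displayName",
            "email": "mail", "groups": "memberOf"}
REQUIRED = ("username", "display_name", "email")


@dataclass
class User:
    username: str
    display_name: str
    email: str
    groups: set = field(default_factory=set)


class ProvisioningError(ValueError):
    """Assertion lacks an attribute needed to create or update the account."""


def first(value):
    # SAML attributes are multi-valued; OIDC claims are usually scalars.
    return value[0] if isinstance(value, (list, tuple)) and value else value


def jit_provision(directory, attrs):
    """Create or update a local user from *already validated* assertion attributes.

    Returns (user, created). `directory` is a dict keyed by lowercase username.
    """
    mapped = {f: first(attrs.get(src)) for f, src in ATTR_MAP.items() if f != "groups"}
    missing = [f for f in REQUIRED if not isinstance(mapped[f], str) or not mapped[f].strip()]
    if missing:
        # Fail closed: never create a half-populated account.
        raise ProvisioningError(f"missing attributes: {missing}")
    key = mapped["username"].strip().lower()
    groups = attrs.get(ATTR_MAP["groups"]) or []
    groups = {groups} if isinstance(groups, str) else set(groups)
    user = directory.get(key)
    created = user is None
    if created:
        user = directory[key] = User(key, mapped["display_name"], mapped["email"])
    else:
        # Later logins refresh the profile so the IdP stays the source of truth.
        user.display_name, user.email = mapped["display_name"], mapped["email"]
    # Membership only: what each group may do is still configured in the product.
    user.groups = groups
    return user, created
```

The function assumes signature, issuer, and audience checks have already passed; attributes from an unverified assertion must never reach it.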

A seamless user experience helps build team effectiveness

When end-users are unhappy, you hear about it – especially when a team is trying to onboard new members and get them up to speed as quickly as possible. Any friction that prevents them from gaining access to the tools they need to do their job will result in negative user experiences, plus more work on your plate.

With JIT provisioning, you can avoid access issues for end-users and get new members of the teams your products support up to speed faster. When users are given the tools they need without friction, their ability to interact, collaborate, and gel with the team improves. In an environment where there is frequent growth, team turnover, or other personnel change, limiting the amount of time required for teams to adapt to these changes is paramount for that team’s ability to be effective. Furthermore, taking back the time spent repeating provisioning tasks makes you more effective, because it gives you more opportunity to improve other facets of the product experience.

Maintain security standards

Any password policies that an organization may have established for their corporate network are also in effect for Atlassian products. Using third-party integrations to mitigate the problem can lead to additional security concerns and measures. Similarly, as we mentioned earlier, the manual process of provisioning access to new users can be prone to human error, meaning some users may get access to tools they’re not supposed to have.

With JIT provisioning, there is one less security issue to worry about, and your toolset naturally falls in line with your security policies, making them more consistent in general. Similarly, pre-established group parameters within your IdP help to reduce the potential security issues that can arise from human error, but JIT does not act on permissions within groups, so these will still need to be configured on the product side.

A modernized admin experience

JIT provisioning obviously benefits end-users by contributing to a more seamless access experience; however, the true benefits of this feature are geared towards you, the admin. With JIT provisioning enabled in your Atlassian Data Center products, you’ll be able to better establish your IdP as the single source of truth for identity management, reduce user complaints and requests, win valuable time back, and instill a stronger sense of security. All of this contributes to making you, the teams you support, and your enterprise more efficient and effective in the process.

To get started, you can enable just-in-time provisioning once you’ve upgraded to the respective product versions mentioned above, or you can download the app from the Atlassian Marketplace. To learn more about how to get JIT provisioning set up, check out the following page.

To learn more about what’s yet to come for improving the enterprise user management experience, follow the link to the video below.

Modernize the admin experience with JIT provisioning for Data Center