With user provisioning and de-provisioning, access to Atlassian cloud products will be defined by rules set in your external directory. Onboarding and offboarding of users happens automatically whenever a user is added or removed from your external directory. This user directory is usually provided as a service by a software vendor called an identity provider. Access allows customers to integrate their Atlassian cloud products with an identity provider.
Why implement user provisioning and de-provisioning?
User provisioning reduces the manual work involved with granting employees application access when they join the company or move to a new team. In addition, automated de-provisioning reduces the risk of information breaches by removing access for those that leave the company. And since user accounts are automatically removed when people leave the company or a group, costs are more tightly controlled.
How it works
Access integrates your user directory with your Atlassian cloud products, and automatically syncs updates you make in your identity provider with users in your Atlassian organization.
When a new employee joins the company, perhaps the engineering team, the IT admin typically needs to give this new employee access to at least 10 different apps that engineers typically use to do their jobs. With user provisioning set up, the admin just needs to add the employee to the engineering group once, and all the apps they need will be automatically provisioned for that user. If the engineer leaves the company, the admin just needs to make one change in their user directory, and access is revoked.
If an employee switches teams, say from engineering into product, they might need access to a slightly different toolset. All the admin needs to do is make one change in their user directory group settings, and access is revoked to the tools they no longer need and granted to the new ones.