...
| | PROS | CONS |
|---|---|---|
| Manual administration | No setup. | Does not scale well in terms of administrator workload. Can be error-prone. Duplicate admin work (user accounts must be manually maintained both at the identity provider and within the Atlassian application). |
| Active Directory or LDAP sync | Built into Atlassian product. Easy integration with any LDAP-capable directory. Usually the best option in on-prem environments. | Limited or no support for cloud environments. While some vendors do provide LDAP adapters, they can be cumbersome to use. |
| | Works with any IDP. Technically simple: users are created and updated from data passed through the browser, meaning no additional network dependencies. Scales to “infinite” directory sizes. | Does not remove inactive users. Group provisioning/claims can be difficult to configure on some IDPs. Users are able to set their own local passwords in the Atlassian application. |
| | Ability to create, update and delete users automatically. Can be combined with local groups. Express filters and transformations within the Atlassian applications. | Synchronization/snapshot based, so does not scale to very large directory sizes/companies (at a certain point, sync passes simply become too slow). |
| | In principle, works with any SCIMv2-compliant IDP. Scales to any directory size. | Requires inbound access to the Atlassian application. This has security implications/considerations. It also means more parts of the organization may need to be involved (networking/firewall etc.). Works best in the presence of failover, i.e. Atlassian Datacenter. Some IDPs don’t provide SCIM at the basic subscription tiers. For example, a Platinum subscription is required for Azure AD. SCIM also supports nested groups. |
A note regarding admin users and WebSudo
...