Skip to main content

Atlassian Cloud

The purpose of this guide is to provide detailed information regarding the Atlassian connector. There are a number of things you can learn about this connector here, including information about its configuration and deployment.

note

For more information about the Connector Health and it's status, Click here

About Atlassian Connector

In IDHub, you can create and onboard Atlassian applications using the Atlassian connector.

Connector Operations

OperationSupported
User Management
Create user in AtlassianYes
Add User to Jira ProjectYes
Add User to Confluence SpaceYes
Add User to Atlassian GroupYes
Update userYes
Remove User from AtlassianYes
Remove user from Jira ProjectYes
Remove user from Confluence SpaceYes
Remove user from Atlassian GroupYes
Jira Project Management
Create Project
Update ProjectYes
Delete ProjectYes
Confluence Space Management
View PageYes
Delete PageYes
Add PageYes
Archive PageYes
Delete PageYes
Add BlogYes
Delete BlogYes
Add CommentYes
Delete CommentYes
Add AttachmentYes
Delete AttachmentYes
Add/Delete RestrictionsYes
Delete MailYes
Export SpaceYes
AdminYes
Atlassian Group Management
Create GroupYes
Update GroupYes
Delete GroupYes

Connector Components

The components of the connector include Connector Application, Connector Application Configuration, Connector Service Provider Interface, Splice, and Splice configuration.

These connection components contain precise connectivity and setup information for your target system. The connector takes information from these files to allow you to quickly and efficiently onboard your applications using a single, streamlined UI.

Connector Architecture

The connector's architecture is constructed in accordance with the diagram below:

As can be seen in the screenshot above, the connector architecture is basically composed of connector application and target system splice. The target system splice takes care of the native communication with the target system using the Atlassian Specific connector SPI implementation. This architecture is followed and design as it enables for easy and rapid deployment of the connector as well as more precise versioning capabilities.

The connector is configured to run in one of the following modes:

  • Target Resource reconciliation
    • If you use the Atlassian application as the trusted source then in this case users are directly created and modified on IDHub. The Atlassian SDK extracts user records that match the reconciliation criteria, which brings the records to IDHub. Each user record fetched from the target system is compared with existing IDHub Users. If a match is found between the target system record and the IDHub User, then the User attributes are updated with changes made to the target system record. If no match is found, then the target system record is used to create an IDHub User.
  • Account management
    • This involves creating, updating, or deleting users on the target system through IDHub. During provisioning, the connector calls the target system Atlassian SDK for provisioning operations. The SDK on the target system accepts provisioning data, carries out the required operation on the target system, and returns the response from the target system to IDHub. Apps can use the Atlassian SDK to perform create, read, update, and delete (CRUD) operations on the target system.
note

In developing the connector, we adhere to this fundamental architecture. IDHub team will handle the connector modification section appropriately based on your unique business requirements if there are any improvements, extra specifications or variations.

Connector Features

Atlassian User Management

Atlassian is currently being used by your company, and you want to connect it to IDHub. You may want to generate and reconcile accounts from and to Atlassian and IDHub. In such a scenario, you would need to create a Atlassian connector and use the connector URL to onboard an Atlassian-connected application in IDHub. You will be able to provision accounts in the target system after successfully deploying the Atlassian connector and creating the Atlassian application. Similarly, you can perform further activities such as de-provisioning and updating accounts. IDHub offers a reconciliation feature that allows you to reconcile user identification information to and from Atlassian.

Atlassian Jira Project Management

Atlassian connector integration provides the following features:

  1. Connects to Jira and fetches project and role data: This includes both pre-defined roles (Administrator, Member, Viewer, etc.) and custom roles created by the project administrator.
  2. Allows users to request project access with specific roles: Users can choose the desired roles during the request process.
  3. Automatic role assignment upon approval: Once the request is approved based on the defined workflow, users are automatically granted access to the project with the requested roles.

Atlassian Confluence Space Management

An Atlassian connector integrates with Confluence to manage user access to spaces and permissions.

  • It retrieves space data and predefined permission levels (View Only, Add Page, etc.).
  • Users request access to spaces with specific permissions during the approval workflow.
  • Upon approval, users are automatically granted access with the requested permissions.

Atlassian Group Management

The Atlassian connector retrieves all groups from the directory and grants users access to these groups upon approval.

  • Functionality: Fetches all groups present in the directory.

  • Access Granting:

    • Users request access to groups through a defined approval workflow.
    • Upon approval, users are automatically added to the requested group, along with all associated products, projects, and spaces in the designated role.
    note

    Requesting a group automatically grants access to all associated product access, as dictated by Atlassian's provisioning process.

Reconciliation Features

Full reconciliation can be performed to bring all existing user data from the target system to IDHub. The Atlassian connector does the reconciliation for the following items:

  • User Account
  • Atlassian Groups
  • Jira Projects
  • Confluence Spaces
  • User Assignments to Group
  • User Assignments to Projects
  • User Assignments to Spaces

Support for the Connector Server

Connector Server is one of the features provided by IDHub. By using one or more connector servers, the connector architecture permits your application to communicate with externally deployed bundles. Therefore if you do not want to execute IDHub java connector bundle in the same VM as the application, in that case you have the ability to run the connector on a different host for better performance.

Pre-requisites

  • You need to have administrator email of your Atlassian or Atlassian Account
  • You need to have Atlassian SCIM URL.
  • You need to have Atlassian Site URL.
  • You need to have the Directory API key
  • You need to have the Directory ID (Organization ID)
  • You need to have the account security api key (token) for Atlassian admin account.
  • You need to have the admin email for your Atlassian account.
info

The steps for getting Directory ID and creating the API key are as follows:

  1. Go to admin.atlassian.com. Select your organization if you have more than one.
  2. Select Settings > API keys.
  3. Select Create API key in the top right.
  4. Enter a name that you’ll remember to identify the API key.
  5. By default, the key expires one week from today. If you’d like to change the expiration date, pick a new date under Expires on. You’re unable to select a date longer than a year from the date of creation.
  6. Select Create to save the API key.
  7. Copy the values for your Organization ID and API key. You'll need those to use the API key. Note: Make sure you store these values in a safe place, as we won't show them to you again.
  8. Select Done. The key will appear in your list of API keys. :::

The steps for generating the account security api key is as follows:

  1. Log in to https://id.atlassian.com/manage-profile/security/api-tokens.
  2. Click Create API token.
  3. From the dialog that appears, enter a memorable and concise Label for your token and click Create.
  4. Click Copy to clipboard and store this somewhere safe. :::

Creating an Application by using the Connector

Onboard the Application in IDHub

tip

Click here for the detailed steps for onboarding the application to IDHub

Configuring the Connector

Connectors use connection-related parameters to connect to IDhub with your target system and perform connector operations when creating a connected application. IDHub requires the following connection-related parameters in order to connect to a Atlassian application.

Attribute Mappings for the Connector

Atlassian SchemaUser Schema in IDHubDescriptionSync DirectionRequiredIs Recon?Is Disabled?Is Visible?
departmentdepartmentUser’s DepartmentBi-Directionalfalsefalsefalsetrue
displayNamedisplayNameUser display nameBi-Directionaltruefalsefalsetrue
emailemailThe primary email for the userBi-Directionaltruetruefalsetrue
familyNamelastNameThe family name of the UserBi-Directionalfalsefalsefalsetrue
givenNamefirstNameThe given name of the UserBi-Directionalfalsefalsefalsetrue
titlejobTitleUser titleBi-Directionalfalsefalsefalsetrue
nickName-User nickname-falsefalsefalsetrue
organizationorganizationNameUser organizationBi-Directionalfalsefalsefalsetrue
timezone-User timezone.-falsefalsefalsetrue
userNameloginUnique identifier defined by the provisioning client. Atlassian SCIM service will verify the value and guarantee its uniqueness. This field is required during user creation or modificationBi-Directionaltruefalsefalsetrue
id-The unique ID for the userapp-to-idhubfalsefalsetruefalse
tip
  • Sync Direction of the Attributes depends on whether you regard Atlassian as your Trusted Source.
  • You should only synchronize from IDHub to Atlassian and not the reverse if Atlassian is not a trusted system in your case
  • For Atlassian connector userName is the account name field

Connector Application Configuration

Connector application is designed such that it works as the wrapper application to the different scim adapters. This majorly consists of the following:

Authentication

  • Basic Authentication is required
  • The encrypted values of username and password will be stored in the properties file

Resource Type

These are the two resource types available for the IDHUB connector. The "resourceName" attribute value in rest api calls will have one of these values.

  • Account - user account in the target system - this will include entitlement membership
  • Entitlement -available entitlements in the target system

Atlassian Connector Splice configuration

In order to provision, modify, and revoke two main resources, Accounts and Entitlements, the Atlassian Connector Splice integrates with the IDHub Connector Application. IDHub's Account translates into a User in SCIM and Atlassian, whereas IDHub's Entitlements translate into a Groups or policies in Atlassian. Atlassian provides SDK for Java to access data on Atlassian.

Connector Splice Design

Account Schema

The Account Schema configuration of the Atlassian connector Splice is as follows:

{
"attributes": [
{
"name": "department",
"description": "User department.",
"multiValued": false,
"idhubFieldName": "department",
"syncDirection": "bi-directional"
}, {
"name": "displayName",
"description": "User display name.",
"required": true,
"multiValued": false,
"returned": "always",
"idhubFieldName": "displayName",
"syncDirection": "bi-directional"
}, {
"name": "email",
"description": "The primary email for the user.",
"multiValued": false,
"mutability": "immutable",
"required": true,
"isRecon": true,
"caseExact": true,
"idhubFieldName": "email",
"syncDirection": "bi-directional"
}, {
"name": "familyName",
"description": "The family name of the User.",
"multiValued": false,
"caseExact": true,
"idhubFieldName": "lastName",
"syncDirection": "bi-directional"
}, {
"name": "givenName",
"description": "The given name of the User.",
"multiValued": false,
"caseExact": true,
"idhubFieldName": "firstName",
"syncDirection": "bi-directional"
}, {
"name": "title",
"description": "User title.",
"multiValued": false,
"caseExact": true,
"idhubFieldName": "jobTitle",
"syncDirection": "bi-directional"
}, {
"name": "nickName",
"description": "User nickname.",
"multiValued": false,
"caseExact": true
}, {
"name": "organization",
"description": "User organization.",
"multiValued": false,
"idhubFieldName": "organizationName",
"syncDirection": "bi-directional"
}, {
"name": "timezone",
"description": "User timezone. e.g. America/Los_Angeles .",
"multiValued": false,
"caseExact": true
}, {
"name": "userName",
"description": "Unique identifier defined by the provisioning client. Atlassian SCIM service will verify the value and guarantee its uniqueness. This field is required during user creation or modification. ",
"multiValued": false,
"caseExact": true,
"required": true,
"uniqueness": "server",
"idhubFieldName": "login",
"syncDirection": "bi-directional"
}, {
"name": "id",
"multiValued": false,
"description": "The unique ID for the user.",
"mutability": "readOnly",
"returned": "always",
"isVisible": false,
"isDisabled": true,
"syncDirection": "app-to-idhub"
}
]
}

Entitlement Schema

The Entitlement Schema configuration of the Atlassian connector Splice is as follows:

{
"attributes": [
{
"name": "description",
"description": "Description of entitlement",
"multiValued": false,
"required": true,
"returned": "always"
}, {
"name": "displayName",
"description": "The entitlement (Group / Project Role / Space) name",
"required": true,
"multiValued": false,
"returned": "always"
}, {
"name": "type",
"description": "Indicate type of entitlement",
"multiValued": false,
"required": true,
"returned": "always"
}, {
"name": "form",
"description": "Entitlement Form containing Entitlement Attributes",
"multiValued": true,
"required": false,
"returned": "always"
}
]
}

Connecting to IDHub

Atlassian connector of IDHub can be used both self hosted or Sath managed cloud connector.

info

Below install steps are for latest connector version install. To view previous version information, click here

Procuring Connector Package

For Self Hosted, go to deploy section to procure Atlassian package. This is managed by customers of Sath themselves or via Sath Dedicated Support packages. Go to next section for Self Hosted deployment.

For Cloud, go to IDHub connector subscription page here. This is Sath managed connector deployed in Sath’s Google Cloud Platform. To know how secure is our Cloud Connector Security, view this page.

Click Here to view more details about how to use IDHub's Cloud Connector Onboarding wizard to deploy the connector.

Deploying the Connector

info

This section is only for Self Hosted Deployments. For those using Sath-managed Cloud deployments can skip this section.

This section provides information of deploying the connector into client server.

Step 1 — Add the IDHub Repo

You can add the IDHub repo using the following command:

helm repo add sath https://repo.sath.com/repository/sath/

Step 2 — Install the Chart

helm upgrade --install atlassian-cloud sath/atlassian-cloud --set connectorUrl=<fqdn>,initConfig=atlassian-cloud --version 1.0.0
What is FQDN

FQDN is the connector URL. This is the IP address of your ingress, which is same as the load balance IP address of the ingress controller.

Step 3 — Proceed to Onboard

You can paste the FQDN url in your browser and then proceed to onboard the connector. Click Here to learn more about how to onboard the connector using our connector manager.

Step 4 — Review and Test

Post Onboard, Go to Reconciliation Logs in your tenant application using IDHub credentials and view account and entitlement reconciliation information.