• Home
• App Integrations
• Provisioning Integrations
• Atlassian Bitbucket Cloud Provisioning and Deprovisioning

Atlassian Bitbucket Cloud Provisioning and Deprovisioning

---

Atlassian Bitbucket Cloud SCIM Provisioning allows to create account in a simplified way and link Atlassian Bitbucket Cloud users' account to their existing or new apps. Atlassian Bitbucket Cloud Provisioning automates user provisioning with their identities.

Provisioning saves time when setting up new users and teams, and also manages access privileges through the user lifecycle. miniOrange can create, read, and update user accounts for new or existing users, remove accounts for deactivated users, and synchronize attributes across multiple user stores.

Atlassian Bitbucket Cloud SCIM User provisioning and deprovisioning actions are bi-directional, so you can create accounts inside an external application and import them into miniOrange, or alternatively create the accounts in miniOrange and then push them out to any linked external applications.

Atlassian Bitbucket Cloud SCIM Deprovisioning means deleting a user and removing their access from multiple applications and network systems at once. Deprovisioning action is triggered when an employee leaves a company or changes roles within the organization. The deprovisioning features increase your organization's security profile by removing access to sensitive applications and content from people who leave your organization.

Provisioning & Deprovisioning Scenarios

miniOrange provides Provisioning solutions for all scenarios of user management (provisioning), which includes AD Integration, LDAP Integration and automated provisioning for all External Applications such as Atlassian Bitbucket Cloud, Google Workspace, Workday, etc

Prerequisites

There are a couple of things you need to do before you can provision external users into your sites and products:

• Get the user provisioning functionality for your identity provider.
• Make sure you're an admin for an Atlassian organization. See Organization administration.
• Verify one or more or your domains in your organization. See Domain verification.
• Subscribe to Atlassian Access from your organization. See Atlassian Access security policies and features.
• Make sure you're an admin for at least one Bitbucket site that you want to grant synced users access to.

Follow the step-by-step guide given below to setup Atlassian Bitbucket Provisioning

1. Configure Provisioning in Atlassian Bitbucket Cloud

• Login to your organization at admin.atlassian.com, click Directory and then User provisioning.
• Click Create a directory.



• Enter a name to identify the user directory, for example miniOrange users, then click Create.



• Copy the values for Directory base URL and API key. You'll need those for your app configuration later in miniOrange dashboard.

Note: Make sure you store these values in a safe place, as these are not shown again.




• You'll now add Bitbucket sites to your organization so that provisioned users can be granted access to the products. See the user provisioning page for more details about why you want to add a site to your organization.
  From the User provisioning page, click Add a site, select the site you want to add (e.g. example.atlassian.net), and follow the on-screen instructions.



• Note: To Configure product access for the provisioned groups and users:

  To grant product access to any newly provisioned users, set up product access for existing groups.

  • From the site (example.atlassian.net) you added in the previous step, go to Product access and find the Bitbucket section.
  • Click Add group and select or enter the name of the synchronized group.
  • Click Add groups to finish giving the group product access.
    You'll see a success flag that confirms the group is configured for product access. To learn more about configuring product access, see Update product access settings.
  • Do not make a synced group from your identity provider a default group. This may cause collisions when attempting to add users to the product that are not managed via SCIM.

2. Configure SCIM for Atlassian Bitbucket Cloud in miniOrange

• Login into miniOrange Admin Console.
• Click on Apps from the left-side navigation bar. Then click on Add Application.



• In the Choose Application section, select Provisioning from All Apps dropdown.



• Search for Atlassian Bitbucket Cloud in the list. If you don't find Atlassian Bitbucket Cloud in the list, search for SCIM Server and set up your application there.



• Under Basic Settings, enter Display Application Name and click Save to add the app.



• In the Authorization Configuration section, enter the Directory base URL in the SCIM Base URL field and the API key in the Bearer Token field that you got in Step 1.
• Click Test Connection to verify details.



• Then, click Save & Next button.

3. Attribute Mapping

• Navigate to the Attributes Mapping tab in your Atlassian Bitbucket Cloud provisioning configuration.
• Under this tab, you'll find two sections: Users and Groups, where you can map miniOrange attributes to Atlassian Bitbucket Cloud attributes for synchronization.




Users Mapping:

Note: The userName, name.givenName, name.familyName, emails[type eq \"work\"].value, displayName and active fields are required for Atlassian Bitbucket Cloud SCIM integration.


• In the Users section, map the attributes from miniOrange Attributes to the corresponding SCIM Server (Destination) Attributes.



• Once all required mappings are configured, click the Save & Next button to proceed.



Groups Mapping:

Note: If you don't need group provisioning, skip this step.

• Click on the Groups tab.
• Click Add A Row to add a new mapping.



• From the miniOrange Attributes dropdown, choose an attribute (like Group Name).
• In the SCIM Server (Destination) Attributes field, type the Atlassian Bitbucket Cloud attribute (like displayName).



• Click Save & Next when done.

4. miniOrange to SCIM Server

• In the miniOrange to SCIM Server (Destination) tab, there are two sections: Users and Groups. Each section contains a list of attributes and their functions when enabled. You can enable or disable them as needed.
  
  

  	Attribute	Description
  Users	Create Users	Enabling this option will create the user in the selected application upon user creation in miniOrange.
  	Update Users	Enabling this option will update the user profile in the selected application if updated in miniOrange.
  	Delete Users	Enabling this option will delete the user from the selected application if the user is deleted from the miniOrange.

  
  

  	Attribute	Description
  Groups	Create Group	Enabling this option will create the Group in the selected application upon Group creation in miniOrange.
  	Delete Group	Enabling this option will delete the Group from the selected application if the Group is deleted from the miniOrange.
  	Add/Remove Group membership of User	Enabling this option will add/remove the Group membership of a user from the selected application if the respective user group membership is updated from the miniOrange.
  	Update Group	Enabling this option will update the Group in the selected application upon Group updation in miniOrange.

  
  
  
  
• Click Save to apply these changes.

5. Create Group

To create a group, follow these steps:

• Go to the Manage Groups section in the Groups tab, located on the left side and click on Create Group Button.



• Enter the Group Name and click the Create Group button.



• You will be redirected to the Groups List Screen when you can see the newly created group.

6. App Policy (Provision Group to Atlassian Bitbucket Cloud App)

• Go to the App Login Policy section under Policies, and click Add Policy.



• Select the application you configured in the Apps tab (for example: Atlassian).
• Enter the Group Name you created (for example: AtlassianProvisioning).
• Enter a Policy Name of your choice (for example: AtlassianProvisioningPolicy).
• Click on Submit button to create a policy.



• You will receive a success notification upon policy creation, and the policy will be displayed in the App Login Policy section of the Policies tab.
• Provisioning configuration is complete now.
• Now, we can verify whether provisioning is working as expected.
• Go to the Manage Groups section under the Groups tab.
• Locate the group you created (e.g., AtlassianProvisioning), click Select, and then choose Assign Users.



• Ensure that users are already present in miniOrange or import them into the user list. This allows you to assign the user you want to provision in Atlassian Bitbucket Cloud.
• From the list below, select the user you want to provision, choose the Assign to Group option, and click Apply. This will automatically create the user in Atlassian Bitbucket Cloud services.

  Note: Assign users to a group that contains the authorized domain names for the configured application.

  To view the authorized domains, go to the Authorization Configuration section of the application you configured in the Apps tab.

  Only users whose email addresses match one of the authorized domains will be provisioned.

  
  
• Select the users whose email addresses belong to an authorized domain, then click Assign to Group, and finally click the Apply button.



• Users are automatically created in Atlassian Bitbucket Cloud services.
• To update a user, go to the User List, select the user you want to update, click Select, and then choose Edit.



• After updating the user, click the Save button. This will automatically update the user in Atlassian Bitbucket Cloud services.



• To delete a user, go to the Manage Groups section of the Groups tab. Then, navigate to the group from which the user needs to be deleted. In the Users column, click on the displayed number of users.



• Select the user you want to delete, choose Remove from Group as the action, and click the Apply button. This will automatically remove the user from Atlassian Bitbucket Cloud services as well.

View Provisioning Reports

External References

• miniOrange SCIM Provisioning
• User Lifecycle Management
• What is Provisioning? and how does it work?