When you try to connect Atlassian Cloud to Trelica you will be asked for an Atlassian Organization ID and API key. This article shows you how to configure these.
Atlassian Cloud has different administrator roles. You must be an Organization Admin with Atlassian Cloud in order to connect with Trelica.
As an Organization Admin, you may have received an invitation from someone in your IT team asking you to connect Atlassian Cloud to Trelica.
The Atlassian Cloud integration will bring in information about users of Cloud Atlassian products like Jira Core, Jira Software, Jira Service Desk, Confluence, Bitbucket, and Trello. Separate integrations are available for self-managed Atlassian tools.
Login to Atlassian Admin.
Checking whether Atlassian Cloud is configured
Atlassian Cloud brings together all users from one or more specified domains that have Atlassian accounts into an organization directory. These accounts then become "managed" by your organization. You need to register at least one domain to start managing cloud accounts.
You can easily check whether you have done this.
Click on the N managed accounts link for the Organization you want to connect with:
You should see a list of managed user accounts:
You need to have ownership of a domain to connect to Atlassian Cloud.
If you don't then please configure this under the Directory > Domains menu option.
Find out more about connecting Google Workspace to Atlassian Admin or if you are using a different Identity Provider, you will need to subscribe to Atlassian Access.
Creating an API key
Click on the Settings menu:
Then choose API keys, and click Create API key:
In the dialog that appears, enter a name (e.g. Trelica) and an expiration date. We suggest using the maximum expiry date which is 1 year from today. Then click Create:
Finally you will see your Organization ID and API key:
You should copy these and paste them straight into Trelica, or keep them secure until you are ready to configure the Atlassian integration in Trelica:
Provision users with Atlassian Access
Atlassian Access is a paid additional module for Atlassian Cloud which lets you manage user accounts.
Atlassian Access provides a centralised directory of users that can be managed by a third-party service such as Trelica using a protocol called SCIM.
Users or groups managed through Atlassian Access cannot be changed through the normal Atlassian Admin UI, only through the third-party service.
You use the regular Atlassian Cloud Admin tools to assign groups and users managed through Atlassian Access to Atlassian products.
Before you connect Trelica to Atlassian Access, you must make sure you have created an Atlassian Cloud Directory.
When you connect to Atlassian Cloud from Trelica you must select the Provisioning checkbox, and as well as the Organization ID and API key described earlier in this article, you will need to enter the Directory base URL and Directory API Key.
These are shown when you first create the directory in Atlassian Access:
If you don't have these to hand then you can find the ID for the Directory by going to Directory > User provisioning > Groups tab
The Directory base URL will be https://api.atlassian.com/scim/directory/`ID`
To regenerate the API key go to Directory > User provisioning > Directory tab and click Regenerate API key:
If you regenerate the API key then any other applications using the Directory will need to be updated with the new key, as the previous key will be invalidated.
When Trelica connects for the first time it creates four new groups in the Atlassian Access Directory:
These mirror the standard Atlassian Admin default groups for assigning users to applications.
You will need to manually assign these groups to the relevant products under the Product access tab:
Choose Add group:
Search for the relevant group and click Add groups:
You will see a message confirming that access has been updated. There appears to be a bug in Atlassian Access which means that you only see the group in the list after you refresh the page.
In Trelica you can now provision users to Atlassian applications by assigning users to these groups.
Please sign in to leave a comment.