add docs for atlassian account provisioning #52
Conversation
📝 WalkthroughWalkthroughAdds SCIM-based account provisioning documentation and configuration guidance for the Atlassian connector, including steps to gather SCIM credentials, new environment variables ( Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
baton/atlassian.mdx (1)
1-8:⚠️ Potential issue | 🟡 MinorAdd the required editor refresh comment.
MDX docs must include
{/* Editor Refresh: YYYY-MM-DD */}. Please add it right after the frontmatter.✅ Suggested insertion
--- title: "Set up an Atlassian connector" description: "ConductorOne provides identity governance and just-in-time provisioning for Atlassian. Integrate your Atlassian instance with ConductorOne to run user access reviews (UARs) and enable just-in-time access requests." og:title: "Set up an Atlassian connector" og:description: "ConductorOne provides identity governance and just-in-time provisioning for Atlassian. Integrate your Atlassian instance with ConductorOne to run user access reviews (UARs) and enable just-in-time access requests." sidebarTitle: "Atlassian" --- +{/* Editor Refresh: 2026-02-02 */}
🤖 Fix all issues with AI agents
In `@baton/atlassian.mdx`:
- Line 19: Replace the incorrect sentence on line 19 with a corrected, styled
version that uses second-person ("you can"), the relative path
../product/admin/account-provisioning, and specifies SCIM 2.0; remove the false
claim that SCIM sends invitation emails and instead note that new users are
created without passwords and must be invited separately via the Admin UI or the
Org Admin API (e.g., "You can use the Atlassian connector to provision accounts
automatically with the SCIM 2.0 API. See [automatic account
provisioning](../product/admin/account-provisioning). New users are created
without passwords and must be invited separately through the Admin UI or API.").
- Around line 55-75: Change the heading "Gather SCIM credentials for account
provisioning (Optional)" to sentence case ("Gather SCIM credentials for account
provisioning (optional)"); add a short "Prerequisites" paragraph before the
<Steps> block listing at minimum Atlassian admin access and that
provisioning/Identity Provider setup is required; and fix the nested list inside
the <Step> that mentions BATON_SCIM_TOKEN and BATON_SCIM_BASE_URL by increasing
its indentation or converting it to an explicit nested bullet list inside the
<Step> component so it renders correctly as a sublist.
|
|
||
| This connector can provision roles in Atlassian workspaces. Depending on your Atlassian implementation, not all roles may be available for all workspaces, and some roles can be only configured if the user meets certain requirements. The Atlassian connector is unable to predict whether a role will be available to a user before the role is requested, but the connector will show an error if a requested role cannot be provisioned. | ||
|
|
||
| The Atlassian connector supports [automatic account provisioning](/product/admin/account-provisioning) via SCIM API. New users are created without passwords and receive invitation emails to activate their accounts. |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
# Check the file exists and its content
cat baton/atlassian.mdxRepository: ConductorOne/docs
Length of output: 11861
🏁 Script executed:
# Check directory structure to verify the relative path suggestion
find . -name "account-provisioning*" -o -name "*provisioning*" | head -20Repository: ConductorOne/docs
Length of output: 313
🌐 Web query:
Atlassian SCIM 2.0 API documentation user provisioning invitation email
💡 Result:
Atlassian’s SCIM 2.0 user provisioning (Atlassian Access / User provisioning REST API) does not send an “invitation” email when a user is created/synced via SCIM. Atlassian explicitly states: “We don’t send users an invitation when they’re provisioned from an identity provider through SCIM …”. [1][2]
If you need an email to go out, you must use a separate invite flow, for example:
- Admin UI: Directory → Users → Invite users (and you can also “Resend invite” for a specific user). [2]
- Org Admin API (Invite user to org):
POST /admin/v1/orgs/{orgId}/users/inviteand setsendNotification: trueto send the email (optionally withnotificationText). [3]
Relevant docs:
- User provisioning (SCIM) REST API landing pages (SCIM integration overview / getting started). [4]
- User provisioning behavior (“no invitation email via SCIM”). [1]
Sources
[1] Atlassian Support – Understand user provisioning (support.atlassian.com)
[2] Atlassian Support – Invite a user / create, edit, and delete users (support.atlassian.com)
[3] Atlassian Developer – Organizations REST API: Invite user to org (developer.atlassian.com)
[4] Atlassian Developer – User provisioning REST API (SCIM) – About / Getting started (developer.atlassian.com)
Citations:
- 1: https://support.atlassian.com/provisioning-users/docs/understand-user-provisioning/?utm_source=openai
- 2: https://support.atlassian.com/jira-cloud-administration/docs/create-edit-and-delete-users/?utm_source=openai
- 3: https://developer.atlassian.com/cloud/admin/organization/rest/api-group-users/?utm_source=openai
- 4: https://developer.atlassian.com/cloud/admin/user-provisioning/about/?utm_source=openai
Correct the factual error and apply documentation style standards.
The relative path suggestion is correct, and specifying SCIM 2.0 aligns with coding guidelines. However, the core claim in this sentence is factually incorrect: Atlassian's official documentation explicitly states that SCIM provisioning does not send invitation emails. Per Atlassian, "We don't send users an invitation when they're provisioned from an identity provider through SCIM." Atlassian Docs: Understand user provisioning
Users only receive invitations through separate flows (Admin UI or the Org Admin API with sendNotification: true).
Rewrite line 19 to:
- Use second person ("you can")
- Apply the correct relative path (
../product/admin/account-provisioning) - Specify SCIM 2.0
- Remove the incorrect statement about invitation emails, or clarify that invitations require a separate process
Example: "You can use the Atlassian connector to provision accounts automatically with the SCIM 2.0 API. See automatic account provisioning. New users are created without passwords and must be invited separately through the Admin UI or API."
🤖 Prompt for AI Agents
In `@baton/atlassian.mdx` at line 19, Replace the incorrect sentence on line 19
with a corrected, styled version that uses second-person ("you can"), the
relative path ../product/admin/account-provisioning, and specifies SCIM 2.0;
remove the false claim that SCIM sends invitation emails and instead note that
new users are created without passwords and must be invited separately via the
Admin UI or the Org Admin API (e.g., "You can use the Atlassian connector to
provision accounts automatically with the SCIM 2.0 API. See [automatic account
provisioning](../product/admin/account-provisioning). New users are created
without passwords and must be invited separately through the Admin UI or API.").
There was a problem hiding this comment.
@aldevv I don't know if CodeRabbit knows what it's talking about here ... can you review this comment and decide if we need to make an update? Thanks!
There was a problem hiding this comment.
Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!
baton/atlassian.mdx
Outdated
| ### Gather SCIM credentials for account provisioning (Optional) | ||
|
|
||
| If you plan to use account provisioning to create new users, you'll need SCIM API credentials. | ||
|
|
||
| <Steps> | ||
| <Step> | ||
| Log into [your Atlassian account](https://admin.atlassian.com/). | ||
| </Step> | ||
| <Step> | ||
| Navigate to **Security** > **User Security** > **Identity Providers**. | ||
| </Step> | ||
| <Step> | ||
| Configure an identity provider with provisioning enabled. After configuring it, you will | ||
| get a window with both: | ||
| - The **SCIM token** (`BATON_SCIM_TOKEN`) | ||
| - The **SCIM base URL** (`BATON_SCIM_BASE_URL`) | ||
| </Step> | ||
| <Step> | ||
| Carefully copy and save both values. You'll need them to configure account provisioning. | ||
| </Step> | ||
| </Steps> |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
# First, find the file and check its location
fd -t f "atlassian.mdx"Repository: ConductorOne/docs
Length of output: 80
🏁 Script executed:
# Read the specific section mentioned (lines 55-75)
sed -n '50,80p' $(fd -t f "atlassian.mdx") | cat -nRepository: ConductorOne/docs
Length of output: 1510
🏁 Script executed:
# Check if there are any other references or context in the file about prerequisites
rg -n "Prerequisites|prerequisites" baton/atlassian.mdx -A 2 -B 2Repository: ConductorOne/docs
Length of output: 43
🏁 Script executed:
# Check the full structure of the file to understand context
head -60 baton/atlassian.mdx | tail -15Repository: ConductorOne/docs
Length of output: 630
🏁 Script executed:
# Check for other procedural sections in the file to understand the pattern
rg -n "^###" baton/atlassian.mdx | head -20Repository: ConductorOne/docs
Length of output: 440
🏁 Script executed:
# Check if other sections have prerequisites sections
rg -n -B 5 "<Steps>" baton/atlassian.mdx | head -40Repository: ConductorOne/docs
Length of output: 1311
🏁 Script executed:
# Check the exact structure and content of the suggested prerequisites section
cat -n baton/atlassian.mdx | sed -n '55,75p'Repository: ConductorOne/docs
Length of output: 937
🏁 Script executed:
# Look for how prerequisites are formatted in other parts of the file
rg -B 10 "^<Steps>" baton/atlassian.mdx | head -40Repository: ConductorOne/docs
Length of output: 1397
🏁 Script executed:
# Check the context around section title to understand if this is truly optional
cat -n baton/atlassian.mdx | sed -n '50,85p'Repository: ConductorOne/docs
Length of output: 1715
🏁 Script executed:
# Review the exact line indentation in the current file
od -c baton/atlassian.mdx | sed -n '2200,2300p'Repository: ConductorOne/docs
Length of output: 101
🏁 Script executed:
# Check if there are other examples of prerequisites sections in the file
cat -n baton/atlassian.mdx | grep -A 3 "Prerequisites\|To complete this task"Repository: ConductorOne/docs
Length of output: 302
🏁 Script executed:
# Verify the context around the identity provider step more carefully
cat -n baton/atlassian.mdx | sed -n '55,75p' | grep -A 2 "identity provider"Repository: ConductorOne/docs
Length of output: 252
🏁 Script executed:
# Check exact indentation of the Step content and the list items
python3 << 'EOF'
with open('baton/atlassian.mdx', 'r') as f:
lines = f.readlines()
for i in range(66, 71): # Lines 67-71 (0-indexed, so 66-70)
line = lines[i]
spaces = len(line) - len(line.lstrip())
print(f"Line {i+1}: {spaces} spaces | {repr(line[:50])}")
EOFRepository: ConductorOne/docs
Length of output: 368
🏁 Script executed:
# Check how other procedural sections structure prerequisites
rg -B 15 "^### Create\|^### Configure\|^### Set up" baton/atlassian.mdx | head -50Repository: ConductorOne/docs
Length of output: 43
🏁 Script executed:
# Check the frontmatter and overall structure to confirm this is MDX
head -20 baton/atlassian.mdxRepository: ConductorOne/docs
Length of output: 1720
🏁 Script executed:
# Review other conditional/optional sections to see how they handle prerequisites
rg -B 3 -A 10 "^\(Optional\)" baton/atlassian.mdxRepository: ConductorOne/docs
Length of output: 43
Fix heading case, add prerequisites, and indent the SCIM list inside the Step.
This section is procedural, so add prerequisites before the steps and use sentence‑case in the heading. Also increase indentation of the nested bullet list for proper rendering inside the <Step> component.
Suggested edits
-### Gather SCIM credentials for account provisioning (Optional)
+### Gather SCIM credentials for account provisioning (optional)
+
+**Prerequisites**
+- You are an Atlassian org admin.
+- You have an identity provider with provisioning enabled.
<Steps>
<Step>
Log into [your Atlassian account](https://admin.atlassian.com/).
</Step>
<Step>
Navigate to **Security** > **User Security** > **Identity Providers**.
</Step>
<Step>
- Configure an identity provider with provisioning enabled. After configuring it, you will
- get a window with both:
- - The **SCIM token** (`BATON_SCIM_TOKEN`)
- - The **SCIM base URL** (`BATON_SCIM_BASE_URL`)
+ Configure an identity provider with provisioning enabled. You will see a window with:
+ - The **SCIM token** (`BATON_SCIM_TOKEN`)
+ - The **SCIM base URL** (`BATON_SCIM_BASE_URL`)
</Step>🤖 Prompt for AI Agents
In `@baton/atlassian.mdx` around lines 55 - 75, Change the heading "Gather SCIM
credentials for account provisioning (Optional)" to sentence case ("Gather SCIM
credentials for account provisioning (optional)"); add a short "Prerequisites"
paragraph before the <Steps> block listing at minimum Atlassian admin access and
that provisioning/Identity Provider setup is required; and fix the nested list
inside the <Step> that mentions BATON_SCIM_TOKEN and BATON_SCIM_BASE_URL by
increasing its indentation or converting it to an explicit nested bullet list
inside the <Step> component so it renders correctly as a sublist.
There was a problem hiding this comment.
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
baton/atlassian.mdx (1)
8-9:⚠️ Potential issue | 🟡 MinorAdd required Editor Refresh comment.
Suggested edit
--- title: "Set up an Atlassian connector" description: "ConductorOne provides identity governance and just-in-time provisioning for Atlassian. Integrate your Atlassian instance with ConductorOne to run user access reviews (UARs) and enable just-in-time access requests." og:title: "Set up an Atlassian connector" og:description: "ConductorOne provides identity governance and just-in-time provisioning for Atlassian. Integrate your Atlassian instance with ConductorOne to run user access reviews (UARs) and enable just-in-time access requests." sidebarTitle: "Atlassian" --- +{/* Editor Refresh: 2026-02-04 */}As per coding guidelines, add editor refresh comment in format
{/* Editor Refresh: YYYY-MM-DD */}to MDX documentation files.
2 participants
Summary by CodeRabbit
New Features
Documentation