Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Trying to update the name of a managed account user via API

David Mahoney
David Mahoney May 3, 2024

All I want to do is update the "Full Name" field of user, using the REST API.  Our environment:

- Atlassian Access, JIRA and Confluence

- claimed domain with all our users.  All managed accounts.

- using an Identity Provider - SAML integration with our internal SSO system

- two Authentication policies one for "local" accounts which does not go through SSO (a handful of service accounts), the other for SSO users.

For users in the "Local" authentication policy, I can use the User Management API to successfully update the Full Name, no problems.

For users in the "SSO" authentication policy, this errors out:

{"key":"forbidden.fieldMutation","context":{"name":{"allowed":false,"reason":{"key":"authPolicy.saml"}}},"errorKey":"forbidden.field-mutation","errorDetail":{"name":{"allowed":false,"reason":{"key":"authPolicy.saml"}}}}

Ok, so I assume this is because we need to use the User Provisioning API to manipulate users in the SSO policy.  However, when I try to use this API, it can't even find the user:

curl --request GET \
--url 'https://api.atlassian.com/scim/directory/<User Provisioning Dir ID>/Users/<user key>?attributes={attributes}' \
--header 'Authorization: Bearer <user provisioning API key>' \
--header 'Accept: application/json'

{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"404","detail":"Resource [USER] <user key> not found"}

Just to clarify, we do not use SCIM user provisioning to automatically create or provision users.  Our internal SAML provider does not support this.   But when users are created, they are automatically claimed into our domain and placed into the SSO default authentication policy.

Users can be manually edited via the GUI, but I've got a couple hundred names to fix and would like an automated method.

Suggestions?

Thank you in advance

EDIT 2024-05-07:  Ok, I'm learning how more of this works.  I was able to use the User Provisioning API to outright create a brand new user, as well as add an existing user to the list of "synced" users.  This generates yet ANOTHER user id string, specific to the identity provider.  THIS id can be used in the API call above, and in the User Provisioning API call to update DisplayName.

HOWEVER

We do not (yet) sync our Atlassian Cloud managed users to anything, and thus using the UP-API to update names seems like overkill.  Is there no other way to just update a name for a managed, SAML-authenticated user?

 

Answer
Watch
Like Richard White _TechTime_ likes this
151 views

1 answer

0 votes
Joseph Chung Yin
Joseph Chung Yin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 3, 2024

@David Mahoney -

It is my understanding that when a company uses Atlassian Access to use their own IDP for users to authenticate against Atlassian products, then the source of the truth on user's account is managed in the IDP side.

So all account updates should be done in your IDP side, and then it will automatically update the accounts.  May I ask why you are trying to use API to change user accounts?

Best, Joseph Chung Yin 

View More Comments
David Mahoney
David Mahoney May 3, 2024

Thanks for your response.

We're only using the IDP/SAML integration for authentication.   Our IDP does not support SCIM, and therefore if we want to automate anything related to user management, it has to be done through an API.

Like
Joseph Chung Yin
Joseph Chung Yin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 3, 2024

Hi David:

Thanks for your update.  I would recommend that you to contact Atlassian Support (https://support.atlassian.com) to get their recommendations on your API issue.

If my suggestion helped you, please click on "Accept answer" when you have a chance.  Also if you can share with us on Atlassian support's response too, so we can all learn from it.

Sorry.

Best, Joseph

Like
David Mahoney
David Mahoney May 7, 2024

Thanks - I have updated a support req, and also updated my question above with new info.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

    See all events