When creating an Atlassian Admin connection in Workflows, must specify the API Token and Directory ID. The API Token is generated when User Provisioning is configured for the Okta Identity Provider in the Atlassian Admin site. See the Atlassian documentation referenced below for configuring user provisioning with Okta.
Using an API Key generated from the Settings > API Keys section of the Atlassian Admin site to create the connection is not sufficient and will fail with an error similar to the following:
{
"error": "Not authorized to access : scim/directory/{directoryId}/Users",
"traceId": "e40ee97f819a2465"
}
- Atlassian Admin Connector
When configuring the provisioning for the Otka IdP in the Atlassian Admin site, the API key and SCIM base URL containing the Directory ID are generated. The API key must be copied and stored in a safe place, as it cannot be retrieved later. If the API key for user provisioning is not available, it must be regenerated.
NOTE: Regenerating a new API key will disable the existing key. Make sure to know where the existing key is being used so it can be updated after generating a new key. For example, the provisioning configuration for the Atlassian Cloud OIN app will need to be updated from the Okta Admin dashboard.
To regenerate the API key in the Atlassian Admin site:
-
Navigate to Security > Identity Providers.
-
If a Directory for the Okta identity provider has been configured, it will be included in the list. Click on the Directory name to open the configuration page, then click on the ellipsis menu in the User provisioning section to access the Regenerate API key menu item:
-
Click the Regenerate API key, and the following message will be displayed:
NOTE: Regenerating a new API key will disable the existing key. Click the Regenerate key, and the new key and Directory base URL will be generated.
