Unitlane logo Unitlane Governed Jira admin software
Topic hub

SCIM and External Groups

SCIM and externally managed groups create ownership boundaries. Local admins still need a review path that records what can and cannot be changed locally. This hub gives admins a structured way to move from broad explanation to a concrete review path without turning every question into a product pitch.

What this topic covers

Use this hub when the work needs a repeatable admin answer.

SCIM and identity provisioning can own membership changes, but they do not remove the need to review local billable access and cleanup evidence. The goal is to help a cautious Jira or Atlassian administrator decide what to check, what to hold out, and what evidence to keep.

  • Primary admin checks: Whether the group or user is externally managed; Which identity owner must approve the change; Whether local product access still keeps the user billable
  • Common failure modes: Assuming SCIM fixes license waste by itself; Making local changes that an IdP will later reverse; Treating default groups and IdP groups as the same risk
  • Product route: License Guard
Operational path

Read first. Compare only when the decision requires it.

Broad educational pages should answer the admin question directly. Commercial pages should appear when the reader needs approval, evidence, a repeatable review, or a safer way to decide before action.

Related use case Related comparison
Featured articles

Start with the problem that matches the admin screen in front of you.

These are static, crawlable links. They do not depend on filters or query strings.

scim vs manual cleanup Atlassian

SCIM vs Manual Cleanup in Atlassian

SCIM should own identity-provider driven user and group membership changes, while manual Atlassian cleanup should focus on local product access, local groups,.

 externally managed groups Atlassian

Externally Managed Groups in Atlassian Explained

Externally managed groups in Atlassian are groups whose membership is controlled outside Atlassian, usually through an identity provider and SCIM, so local.

 identity provisioning license waste Atlassian

Why Identity Provisioning Does Not Fix License Waste by Itself

Identity provisioning does not fix Atlassian license waste by itself because it manages users and groups from the identity provider, while billable access can.

 scim synced groups cleanup Atlassian

How to Review SCIM-Synced Groups Before Cleanup

Before cleaning up a SCIM-synced Atlassian group, confirm the group source, owner, product-access impact, Jira permission references, default-group overlap, and.

 default groups vs scim groups Atlassian

Default Groups vs IdP Groups in Atlassian

Default groups are Atlassian-managed groups used to grant app roles automatically, while IdP groups are externally managed groups synchronized from an identity.

 externally managed access cleanup Atlassian

When to Route a Cleanup Case Out of Local Admin Work

Route an Atlassian cleanup case out of local admin work when the durable decision belongs to an IdP owner, HR owner, security owner, app owner, project owner, or.
Existing library anchors

Use the established pages where they already own the intent.

The hub points to existing strong pages instead of creating near-duplicate landing pages.

SCIM and Externally Managed Groups

Continue with the adjacent page when the review needs a narrower operational answer.

Default Groups and License Spend

Continue with the adjacent page when the review needs a narrower operational answer.

Audit Jira Access Without Spreadsheets

Continue with the adjacent page when the review needs a narrower operational answer.
Related topic hubs

Move sideways only when the admin problem changes.

FAQ

Questions this hub is meant to answer

What does this scim and external groups hub cover?

It covers scim and identity provisioning can own membership changes, but they do not remove the need to review local billable access and cleanup evidence.

Where should an admin start?

Start with the article that matches the active operational question, then move to the use case or compare page only when a tool decision is actually on the table.

How does Unitlane avoid generic governance content?

The hub stays inside Jira groups, permissions, product access, license cleanup, user lifecycle, SCIM boundaries, and proof for those workflows.