/
Understanding Atlassian Teams and IDP-Synced Groups

Understanding Atlassian Teams and IDP-Synced Groups

  • In progress

    • Key Concepts at a Glance

    Concept

    Description

    Concept

    Description

    Atlassian Teams

    Collaboration entities used across Orange Tracker/Answers for mentions, ownership, assignees, and reporting. They can be created and manually managed by any licensed user; admins can also create verified Teams linked to IDP groups for dynamic membership.

    IDP-Synced Groups

    Centralized access and policy units managed by your organization’s identity platform (e.g., SSO/SCIM). Used for product access, permissions, and compliance-driven membership.

    What is an Atlassian Team?

    An Atlassian Team is a named collection of people that you can @mention, assign ownership to, and report on across products. Teams are visible in Answers (e.g., page owners), Orange Tracker (e.g., issue fields, on-call ownership via integrations), and provide a human-friendly handle for work coordination.

    Core Capabilities

    • Collaboration: @mention a Team in pages, comments, and issues to notify all members.

    • Ownership and accountability: Set a Team as a service owner, component owner, or knowledge base owner to clarify responsibility.

    • Work routing: Use Teams in JSM for triage queues, escalation policies (via integrations), and shared inbox notifications.

    • Lightweight governance: Licensed users can create and manage Teams quickly for projects, squads, or initiatives.

    Membership Models

    • Manually managed Teams: Any licensed user can create and maintain membership; ideal for ad hoc collaboration.

    • Verified Teams (admin-managed): App admins can create verified Teams that are connected to existing IDP groups for dynamic, automatic membership.

    What is an IDP-Synced Group?

    An IDP-synced group is a centrally managed set of users provisioned from Entra to Atlassian. These groups are authoritative for access control, licensing, product roles, and permission schemes. Membership is governed by enterprise policies (SCIM/SSO).

    Core Capabilities

    • Access and permissions: Assign product access, space/project permissions, and admin roles using groups.

    • Lifecycle and compliance: Membership reflects HR systems of record; joiners/movers/leavers are updated automatically.

    • Policy enforcement: Ideal for standardized security requirements and audit readiness.

    How Teams and IDP Groups Differ

    Dimension

    Atlassian Teams

    IDP-Synced Groups

    Dimension

    Atlassian Teams

    IDP-Synced Groups

    Primary purpose

    Collaboration, ownership, mentions, routing

    Access control, permissions, compliance

    Who manages it

    Any licensed user (manual) or app admins (verified/dynamic)

    Identity/IT administrators via IDP provisioning

    Membership source

    Manual lists or dynamic via linked IDP group (verified Teams)

    Authoritative from IDP (SCIM/SSO)

    Best used for

    Squads, service/component owners, KB ownership, escalation targets

    Role-based access, product licensing, permission schemes

    When to Use Each

    • Use an Atlassian Team when you need a collaboration identity to route work, mention a group, or declare ownership in Orange Tracker/Answers. Great for day-to-day operations and project squads.

    • Use an IDP-Synced Group when you need to grant or restrict access or implement formal permission models and audit-ready controls.

    Combine them for the best of both:

    • Create a verified Atlassian Team linked to the corresponding IDP group to get dynamic, compliant membership plus rich collaboration features.

    • Keep access decisions in groups; keep operational ownership and notifications in Teams.

    Common JSM and Confluence Use Cases

    • Orange Tracker queues and escalations: Route incidents or requests to a Team responsible for a service or component; mention the Team in comments to engage responders.

    • Knowledge base ownership: Set a Team as the owner of an Answers space or article set to signal accountability and streamline updates.

    • Change/Release communication: @mention a Team on change records or Confluence release notes to notify all impacted members.

    Governance and Good Practices

    • Name clearly: Use consistent naming like “Team – Platform API” for Teams.

    • Prefer verified Teams for critical services: Link to IDP groups where accuracy and continuity matter (on-call, high-severity ownership).

    • Keep permissions in groups: Do not rely on Teams for access control; use IDP groups for product/space/project permissions.

    How to Request or Create

    1. Create or update an Atlassian Team: Licensed users can create a Team and add members. For verified Teams, contact your site/app admins to link to an IDP group.

    2. Set as owner/assignee: Add the Team to service/component ownership in Orange Tracker (JSM projects) or as page/component owners in Answers/Orange Tracker (JWM projects) where supported.

    3. For access/permissions: Submit a request to Identity/IT to add users to the proper IDP group and apply permissions accordingly.

    Need help? Contact the CDI Applications team via the https://support.atlassian.syr.edu/servicedesk/customer/portal/22/group/366/create/924 on their portal.

    FAQ

    No. Teams are not a substitute for IDP groups in permission schemes. Use groups for access; use Teams for collaboration and ownership.

    Any licensed user can create and manually manage a Team. App administrators can create verified Teams connected to IDP groups for dynamic membership.

    If the Team is linked to an IDP group (verified), the user is automatically removed via IDP lifecycle. For manual Teams, a Team maintainer must remove the user.