![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 74%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEG%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 85%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
Hello Elizabeth Guo,
Thank you for sharing the details. To achieve single sign-on for both Partner A and Partner B while keeping their groups isolated, you can follow these steps:
1.Create distinct groups for each partner in your identity provider (e.g., Microsoft Entra ID) and in Atlassian Cloud:
-
PartnerA-Jira-Users -
PartnerB-Jira-Users
2.Configure SSO and SCIM provisioning through Atlassian Access:
- Map each Entra ID group to its corresponding Atlassian group.
- Assign users to the correct group in Entra so they only see their respective projects.
3.Restrict access at the Jira project level:
- Use permission schemes to ensure Partner A’s group is only added to Partner A’s project and Partner B’s group only to Partner B’s project.
This approach ensures proper isolation and prevents cross-visibility between partners. If strict separation is required (e.g., compliance), consider separate Atlassian organizations for each partner.
Reference:
https://learn.microsoft.com/en-us/entra/identity/saas-apps/atlassian-cloud-tutorial
I am reaching you on teams for further assistance.