Atlassian IAM

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Note: This integration should be used as part of our IAM premium pack. For further details, visit our IAM pack documentation. For more information, please refer to the Identity Lifecycle Management article.

Integrate with Atlassian's services to execute generic ILM management operations such as create, update, delete, etc., for employee lifecycle processes.

Configure Atlassian IAM on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Atlassian IAM.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | Atlassian URL | | True |
    | Access Token | | True |
    | Directory ID | | True |
    | Trust any certificate (not secure) | | False |
    | Use system proxy settings | | False |
    | Enabled The Command iam-create-user | If set to false, iam-create-user command will be skipped, and user will not be created. | False |
    | Enabled The Command iam-update-user | | False |
    | Enabled The Command iam-disable-user | | False |
    | Automatically create user if not found in update command | | False |
    | Incoming Mapper | Incoming Mapper | True |
    | Outgoing Mapper | Outgoing Mapper | True |

    • To allow the integration to access the mapper from within the code, as required by the ILM pack, both mappers have to be configured in their proper respective fields and not in the "Mapper (outgoing)" dropdown list selector.
  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

iam-create-user

Creates a user.

Base Command

iam-create-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | User Profile indicator details. | Required |
| allow-enable | When set to true, after the command execution the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | string | Provides the raw data from the 3rd-party integration. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | string | Name of the integration instance. |
| IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-create-user user-profile=`{"emails":[{"value":"testatlas@paloaltonetworks.com","type":"work","primary":"true"}],"is_active": "true", "userName":"testatlas@paloaltonetworks.com"}` using="Atlassian IAM_instance_1"

Context Example

{
    "IAM": {
        "UserProfile": {
            "emails": [
                {
                    "primary": "true",
                    "type": "work",
                    "value": "testatlas@paloaltonetworks.com"
                }
            ],
            "is_active": "true",
            "userName": "testatlas@paloaltonetworks.com"
        },
        "Vendor": {
            "action": "create",
            "active": true,
            "brand": "Atlassian IAM",
            "details": {
                "active": true,
                "emails": [
                    {
                        "primary": true,
                        "type": "work",
                        "value": "testatlas@paloaltonetworks.com"
                    }
                ],
                "groups": [],
                "id": "247b915a-9d6c-4cd5-b5a5-071b1b3abc2e",
                "meta": {
                    "created": "2021-02-16T15:05:41.185473Z",
                    "lastModified": "2021-02-16T15:05:41.185473Z",
                    "location": "https://api.atlassian.com/scim/directory/315e79ae-404a-4061-8a88-df91c8c7db34/Users/247b915a-9d6c-4cd5-b5a5-071b1b3abc2e",
                    "resourceType": "User"
                },
                "schemas": [
                    "urn:scim:schemas:extension:atlassian-external:1.0",
                    "urn:ietf:params:scim:schemas:core:2.0:User",
                    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
                ],
                "urn:scim:schemas:extension:atlassian-external:1.0": {
                    "atlassianAccountId": "602bdf457b23f40068547c25"
                },
                "userName": "testatlas@paloaltonetworks.com"
            },
            "email": null,
            "errorCode": null,
            "errorMessage": "",
            "id": "247b915a-9d6c-4cd5-b5a5-071b1b3abc2e",
            "instanceName": "Atlassian IAM_instance_1",
            "reason": "",
            "skipped": false,
            "success": true,
            "username": "testatlas@paloaltonetworks.com"
        }
    }
}

Human Readable Output

Create User Results (Atlassian IAM)

| brand | instanceName | success | active | id | username | details |
| --- | --- | --- | --- | --- | --- | --- |
| Atlassian IAM | Atlassian IAM_instance_1 | true | true | 247b915a-9d6c-4cd5-b5a5-071b1b3abc2e | testatlas@paloaltonetworks.com | schemas: urn:scim:schemas:extension:atlassian-external:1.0,<br/>urn:ietf:params:scim:schemas:core:2.0:User,<br/>urn:ietf:params:scim:schemas:extension:enterprise:2.0:User<br/>userName: testatlas@paloaltonetworks.com<br/>emails: {'value': 'testatlas@paloaltonetworks.com', 'type': 'work', 'primary': True}<br/>meta: {"resourceType": "User", "location": "https://api.atlassian.com/scim/directory/315e79ae-404a-4061-8a88-df91c8c7db34/Users/247b915a-9d6c-4cd5-b5a5-071b1b3abc2e", "lastModified": "2021-02-16T15:05:41.185473Z", "created": "2021-02-16T15:05:41.185473Z"}<br/>groups: <br/>urn:scim:schemas:extension:atlassian-external:1.0: {"atlassianAccountId": "602bdf457b23f40068547c25"}<br/>id: 247b915a-9d6c-4cd5-b5a5-071b1b3abc2e<br/>active: true |

iam-update-user

Updates an existing user with the data passed in the user-profile argument.

Base Command

iam-update-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |
| allow-enable | When set to true, after the command execution the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | string | Provides the raw data from the 3rd-party integration. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | string | Name of the integration instance. |
| IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-update-user user-profile=`{"email": "testatlas@paloaltonetworks.com", "username": "testatlas@paloaltonetworks.com", "title": "Manager"}` using="Atlassian IAM_instance_1"

Context Example

{
    "IAM": {
        "UserProfile": {
            "email": "testatlas@paloaltonetworks.com",
            "title": "Manager",
            "username": "testatlas@paloaltonetworks.com"
        },
        "Vendor": {
            "action": "update",
            "active": true,
            "brand": "Atlassian IAM",
            "details": {
                "active": true,
                "emails": [
                    {
                        "primary": true,
                        "type": "work",
                        "value": "testatlas@paloaltonetworks.com"
                    }
                ],
                "groups": [],
                "id": "247b915a-9d6c-4cd5-b5a5-071b1b3abc2e",
                "meta": {
                    "created": "2021-02-16T15:05:41.185473Z",
                    "lastModified": "2021-02-16T15:05:41.185473Z",
                    "location": "https://api.atlassian.com/scim/directory/315e79ae-404a-4061-8a88-df91c8c7db34/Users/247b915a-9d6c-4cd5-b5a5-071b1b3abc2e",
                    "resourceType": "User"
                },
                "schemas": [
                    "urn:scim:schemas:extension:atlassian-external:1.0",
                    "urn:ietf:params:scim:schemas:core:2.0:User",
                    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
                ],
                "urn:scim:schemas:extension:atlassian-external:1.0": {
                    "atlassianAccountId": "602bdf457b23f40068547c25"
                },
                "userName": "testatlas@paloaltonetworks.com"
            },
            "email": "testatlas@paloaltonetworks.com",
            "errorCode": null,
            "errorMessage": "",
            "id": "247b915a-9d6c-4cd5-b5a5-071b1b3abc2e",
            "instanceName": "Atlassian IAM_instance_1",
            "reason": "",
            "skipped": false,
            "success": true,
            "username": "testatlas@paloaltonetworks.com"
        }
    }
}

Human Readable Output

Update User Results (Atlassian IAM)

| brand | instanceName | success | active | id | username | email | details |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Atlassian IAM | Atlassian IAM_instance_1 | true | true | 247b915a-9d6c-4cd5-b5a5-071b1b3abc2e | testatlas@paloaltonetworks.com | testatlas@paloaltonetworks.com | schemas: urn:scim:schemas:extension:atlassian-external:1.0,<br/>urn:ietf:params:scim:schemas:core:2.0:User,<br/>urn:ietf:params:scim:schemas:extension:enterprise:2.0:User<br/>userName: testatlas@paloaltonetworks.com<br/>emails: {'value': 'testatlas@paloaltonetworks.com', 'type': 'work', 'primary': True}<br/>meta: {"resourceType": "User", "location": "https://api.atlassian.com/scim/directory/315e79ae-404a-4061-8a88-df91c8c7db34/Users/247b915a-9d6c-4cd5-b5a5-071b1b3abc2e", "lastModified": "2021-02-16T15:05:41.185473Z", "created": "2021-02-16T15:05:41.185473Z"}<br/>groups: <br/>urn:scim:schemas:extension:atlassian-external:1.0: {"atlassianAccountId": "602bdf457b23f40068547c25"}<br/>id: 247b915a-9d6c-4cd5-b5a5-071b1b3abc2e<br/>active: true |

iam-get-user

Retrieves a single user resource.

Base Command

iam-get-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | string | Provides the raw data from the 3rd-party integration. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | string | Name of the integration instance. |
| IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-get-user user-profile=`{"email": "test@paloaltonetworks.com", "username": "testDemisto"}` using="Atlassian IAM_instance_1"

Context Example

{
    "IAM": {
        "UserProfile": {
            "Email": "test@paloaltonetworks.com",
            "Title": "Team Lead",
            "Username": "testDemisto"
        },
        "Vendor": {
            "action": "get",
            "active": null,
            "brand": "Atlassian IAM",
            "details": {
                "emails": [
                    {
                        "primary": true,
                        "type": "work",
                        "value": "test@paloaltonetworks.com"
                    }
                ],
                "groups": [],
                "id": "550364dd-1c1e-4953-bffc-418fce013c2e",
                "meta": {
                    "created": "2021-02-15T13:26:34.13545Z",
                    "lastModified": "2021-02-15T17:01:01.876067Z",
                    "location": "https://api.atlassian.com/scim/directory/315e79ae-404a-4061-8a88-df91c8c7db34/Users/550364dd-1c1e-4953-bffc-418fce013c2e",
                    "resourceType": "User"
                },
                "schemas": [
                    "urn:scim:schemas:extension:atlassian-external:1.0",
                    "urn:ietf:params:scim:schemas:core:2.0:User",
                    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
                ],
                "title": "Team Lead",
                "urn:scim:schemas:extension:atlassian-external:1.0": {
                    "atlassianAccountId": "5f3589458d89e30046317d34"
                },
                "userName": "testDemisto"
            },
            "email": null,
            "errorCode": null,
            "errorMessage": "",
            "id": "550364dd-1c1e-4953-bffc-418fce013c2e",
            "instanceName": "Atlassian IAM_instance_1",
            "reason": "",
            "skipped": false,
            "success": true,
            "username": "testDemisto"
        }
    }
}

Human Readable Output

Get User Results (Atlassian IAM)

| brand | instanceName | success | id | username | details |
| --- | --- | --- | --- | --- | --- |
| Atlassian IAM | Atlassian IAM_instance_1 | true | 550364dd-1c1e-4953-bffc-418fce013c2e | testDemisto | schemas: urn:scim:schemas:extension:atlassian-external:1.0,<br/>urn:ietf:params:scim:schemas:core:2.0:User,<br/>urn:ietf:params:scim:schemas:extension:enterprise:2.0:User<br/>userName: testDemisto<br/>emails: {'value': 'test@paloaltonetworks.com', 'type': 'work', 'primary': True}<br/>title: Team Lead<br/>meta: {"resourceType": "User", "location": "https://api.atlassian.com/scim/directory/315e79ae-404a-4061-8a88-df91c8c7db34/Users/550364dd-1c1e-4953-bffc-418fce013c2e", "lastModified": "2021-02-15T17:01:01.876067Z", "created": "2021-02-15T13:26:34.13545Z"}<br/>groups: <br/>urn:scim:schemas:extension:atlassian-external:1.0: {"atlassianAccountId": "5f3589458d89e30046317d34"}<br/>id: 550364dd-1c1e-4953-bffc-418fce013c2e |

iam-disable-user

Disables an active user.

Base Command

iam-disable-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | string | Provides the raw data from the 3rd-party integration. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | string | Name of the integration instance. |
| IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-disable-user user-profile=`{"email": "testdemisto@paloaltonetworks.com", "username": "Demisto"}` using="Atlassian IAM_instance_1"

Context Example

{
    "IAM": {
        "UserProfile": {
            "email": "testdemisto@paloaltonetworks.com",
            "username": "Demisto"
        },
        "Vendor": {
            "action": "disable",
            "active": null,
            "brand": "Atlassian IAM",
            "details": null,
            "email": "testdemisto@paloaltonetworks.com",
            "errorCode": null,
            "errorMessage": "",
            "id": null,
            "instanceName": "Atlassian IAM_instance_1",
            "reason": "User does not exist",
            "skipped": true,
            "success": true,
            "username": null
        }
    }
}

Human Readable Output

Disable User Results (Atlassian IAM)

| brand | instanceName | skipped | reason |
| --- | --- | --- | --- |
| Atlassian IAM | Atlassian IAM_instance_1 | true | User does not exist |
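
The iam-disable-user context example above reports success: true together with skipped: true, so a playbook step that checks only IAM.Vendor.success would record a user that was never found as deprovisioned. The following is an added example, not code from the integration: the function names and the two constructed entries are hypothetical, and it assumes IAM.Vendor may hold either one entry or a list of entries.

```python
# Added example, not part of the integration. Function names are hypothetical;
# field names are taken from the Context Output tables above.

def vendor_entries(context):
    """Return IAM.Vendor as a list. Assumption: it may be one dict or a list."""
    vendor = context.get("IAM", {}).get("Vendor") or []
    return [vendor] if isinstance(vendor, dict) else list(vendor)

def disable_findings(context):
    """List (instanceName, verdict, detail) for every iam-disable-user entry
    that does not confirm the account is now inactive."""
    findings = []
    for v in vendor_entries(context):
        if v.get("action") != "disable":
            continue
        name = v.get("instanceName")
        if not v.get("success"):
            detail = f'{v.get("errorCode")}: {v.get("errorMessage")}'
            findings.append((name, "failed", detail))
        elif v.get("skipped"):
            findings.append((name, "skipped", v.get("reason")))
        elif v.get("active") is not False:
            findings.append((name, "unconfirmed", f'active={v.get("active")!r}'))
    return findings

# Trimmed from the iam-disable-user Context Example on this page.
PAGE_EXAMPLE = {"IAM": {"Vendor": {
    "action": "disable", "active": None, "errorCode": None, "errorMessage": "",
    "instanceName": "Atlassian IAM_instance_1", "reason": "User does not exist",
    "skipped": True, "success": True}}}

# Constructed entries: one API failure and one confirmed disable.
CONSTRUCTED = {"IAM": {"Vendor": [
    {"action": "disable", "active": None, "errorCode": 403,
     "errorMessage": "Forbidden", "instanceName": "example_instance_a",
     "reason": "", "skipped": False, "success": False},
    {"action": "disable", "active": False, "errorCode": None,
     "errorMessage": "", "instanceName": "example_instance_b",
     "reason": "", "skipped": False, "success": True}]}}

if __name__ == "__main__":
    for ctx in (PAGE_EXAMPLE, CONSTRUCTED):
        for finding in disable_findings(ctx):
            print(finding)
```

An empty result means every disable entry reported success, was not skipped, and returned active as false; anything else is a finding to route to manual review in the offboarding workflow.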