Limitations of Migrating from OpenMRS ID to a new SSO System


There exists a degree of ambiguity as to whether we are still associated with Keycloak, and despite some efforts towards it, there is presently no apparent means to assign users/groups (beyond Keycloak) to Atlassian Access or other applications through System for Cross Domain Identity Management (SCIM).

While there is a potential solution in the form of scim-for-keycloak, the proprietor of the aforementioned repository (Captain-P-Goldfish) has stated that it is not capable of provisioning users outside of Keycloak to third-party applications. You may find additional information regarding this matter in this discussion thread.

Currently, there is an issue created for both Red Hat and Keycloak regarding the implementation of SCIM functionality. Please see the following links for further details:

The below is just a thought, though.

It may be worth considering alternative identity providers that offer full SCIM support in conjunction with Atlassian Access. Some of these options include:

  • Auth0
  • CyberArk Idaptive (formerly Centrify)
  • Google Workspace
  • JumpCloud
  • Microsoft Azure Active Directory (AD)
  • Okta
  • OneLogin
  • Ping Identity

A comprehensive list of supported identity providers can be found here.

cc @burke @cintiadr @grace @kdaud @dkayiwa @jennifer