User Import and Sync
You can import users and groups from external identity providers into your organization by setting up authentication modules. This feature allows seamless integration with your existing identity management solutions. It also means you don't need to create and manage these groups and user accounts manually in YouTrack.
Currently, the following three authentication modules support user and group import:
Microsoft Entra ID (formerly Azure Active Directory)
Prerequisites
Before you begin, ensure the following:
You have administrative access to your external identity provider (Microsoft Entra ID, Okta, or JetBrains Account).
You have the required credentials and permissions to retrieve users and group data from your identity provider.
You have Low-level Write permission for your YouTrack site.
Set Up an Authentication Module
The first step is to set up an authentication module in your application to connect with the external identity provider. For detailed instructions, refer to the setup instructions for the identity management platform used by your organization.
Synchronize Users and Groups
YouTrack has two schemes for synchronizing user accounts.
The first scheme is applied during login.
Any time a user uses credentials from an external identity management platform, YouTrack synchronizes the user profile and group membership data with the information stored in the identity provider account. This synchronization is performed per user.
The second scheme is applied according to the schedule defined in the authentication module. This scheme applies to all users and groups.
If the Scheduled sync setting is enabled, you can choose from one of three predefined intervals:
Hourly
Every 3 hours
Daily at 9 AM
You can also launch the synchronization manually at any time by clicking the Sync now button in the header of the page for the authentication module connected to the identity provider.
If the setting is disabled, group memberships are still synchronized on a per-user basis during login.
The synchronization feature is only active when the authentication module is Enabled.
SCIM 2.0 Provisioning
YouTrack supports provisioning of users and groups from external identity providers using the SCIM 2.0 standard. This means you can sync group membership and user profiles with any service provider that supports SCIM.
To enable SCIM provisioning, you need to set up an authentication module for the external identity provider. You can then configure the identity provider to exchange information using the SCIM endpoint for YouTrack. The authentication module then synchronizes users and groups from the external identity provider.
This setup requires that you store the following information in the SCIM provisioning settings for your IdP:
The SCIM endpoint URL for your YouTrack site. This endpoint is:
<youtrack-base-url>/hub/api/rest/scim2To locate the base URL for your YouTrack site, check the Server Configuration tab in the Global Settings. For additional information, see Server Configuration.
Authentication credentials in the form of a permanent token. To learn how to generate a permanent token for your YouTrack account, see Manage Permanent Tokens
For sample configurations, please refer to the setup instructions for the following identity providers: