Set up Intelligent User Manager (IUM) in Bitbucket
In the first step, two new groups (IUM enable and IUM disable) are created under "Administration" - "Accounts" - "Groups".
(alternatively, other names can also be used)
Under "Administration" - "Accounts" - "Global permissions", access for the IUM enable group is added.
User Directories
If the "Bitbucket Internal Directory" is not used, the LDAP permissions ("Administration" - "Accounts" - "User Directories" - "Edit") must be changed to "Read Only, with Local Groups".
The actual configuration is then carried out under "Administration" - "Add-Ons" - "IUM Configuration".
- Group Settings
- IUM enable is selected under "Enabled Group" and IUM disable under "Disabled Group".
(or the corresponding self-assigned names)
- The number of licences to be managed by IUM is specified under "Queue Size".
(e.g. if there is a 500 licence tier and 100 power users, then 400 licences are available for IUM to share)
- Queue Size + permanent User <= Licence tier!
- Under "Duration in minutes", the minimum inactivity time in minutes is specified before the licence is released again.
[Image: Group settings]
- Logging
- Switching the internal log on and off
[Image: Logging]
- User Management
- This is where the actual moving of users to the group managed by IUM takes place.
- The group in which the current users are located is selected under "From Group".
- Under "To Group" the IUM disable group is selected.
- After clicking on "List", a list of users from this group is displayed.
- The users displayed are sorted in descending order according to their last activity.
(so the occasional users can be sorted out little by little)
- The number of users displayed can be set under "Number of Users".
[Image: IUM User 1]
- Now the users to be managed by IUM are selected via the selection field.
(no power users should be selected here, but the occasional users should be gradually sorted out)
- With the "Move" button, the selected users are subsequently moved.
- The "Copy" button is only used if the IUM disable group is composed of individual permission groups and does not have its own Application Access.
[Image: IUM User 2]
- Moving users cannot be undone.
[Image: User 3]
- After confirming the process, you can see in the user management under Groups in Bitbucket that the selected users have been moved to the IUM disable group. (The unselected power users remain in their old group)
- SAML
- IUM supports single sign-on services such as ADFS, Azure, Google or Okta. (How to setup)
[Image: SAML]
Control
- Two users now log in. (user1 , user2)
- Now you can see under "Groups" that the two users have also been copied into the IUM enable group and have thus been assigned a licence.
- After a user logs off, he or she is automatically removed from the IUM enable group and the licence used is free again.
- If a user simply closes the browser (without logging out), he or she remains in the IUM enable group until the licence occupied by him or her is needed.
Only at this point will they be removed from the IUM enable group.
- Since in this example only 2 licences were made available for administration by IUM for "Queue Size", the following display appears for the third user who wants to log in.
[Image: Waiting time]
- After the waiting time has expired, the user with the longest inactivity time is moved to the IUM disable group, his or her used licence is released again and the waiting user is logged in.
- If a logged-in user is inactive for longer than the time specified under "Duration in minutes", this user is moved to the IUM disable group and his or her used licence is directly passed on to the new user.
(the queue would not be displayed in this case)
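The licence hand-over rules from the Control section, together with the "Queue Size + permanent User <= Licence tier" check, as a small Python model added here for illustration. It is not IUM's own code; the class and method names and the minute-based clock are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class LicencePool:
    """Simplified model of the IUM enable group (names are hypothetical)."""
    licence_tier: int      # licences in the Bitbucket tier
    permanent_users: int   # power users that keep their licence
    queue_size: int        # "Queue Size": licences IUM may hand out
    duration_min: int      # "Duration in minutes"
    enabled: dict = field(default_factory=dict)  # user -> minute of last activity

    def __post_init__(self):
        # Queue Size + permanent User <= Licence tier
        if self.queue_size + self.permanent_users > self.licence_tier:
            raise ValueError("Queue Size + permanent users exceeds the licence tier")

    def activity(self, user, now):
        """Record activity of a user who currently holds a licence."""
        if user in self.enabled:
            self.enabled[user] = now

    def logout(self, user):
        """Explicit log-off frees the licence immediately."""
        self.enabled.pop(user, None)

    def _longest_inactive(self):
        return min(self.enabled, key=self.enabled.get)

    def login(self, user, now):
        """Return 'granted', 'handover' or 'queued' for a login attempt."""
        if user in self.enabled or len(self.enabled) < self.queue_size:
            self.enabled[user] = now
            return "granted"
        idle = self._longest_inactive()
        if now - self.enabled[idle] > self.duration_min:
            # Inactive longer than the duration: licence passes on directly,
            # no waiting screen is shown.
            del self.enabled[idle]
            self.enabled[user] = now
            return "handover"
        return "queued"  # waiting screen is shown

    def waiting_time_expired(self, user, now):
        """After the wait, the longest-inactive user loses the licence."""
        idle = self._longest_inactive()
        del self.enabled[idle]
        self.enabled[user] = now
        return idle
```

A user who only closes the browser never calls `logout`, so in this model they stay in `enabled` until `login` or `waiting_time_expired` needs their licence, matching the behaviour described above.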