We've been using Jira for a while now with just the internal directory. What I'd like to do is add our Active Directory as a source of authentication (and maybe Jira groups), and have it automatically fall back to the internal directory if AD ever goes down.
The usernames and email addresses of all the existing users would be the same in AD as their existing users in the internal directory.
What I'm keen on preserving, however, is the ownership of Issues etc., so that "JDoe" that is currently in the internal directory is seen as the same person/user once Active Directory comes online as a new directory (with a higher priority). I definitely don't want to start over again with "new" users. Obviously passwords between internal and AD would differ - but that's fine, the internal directory would just be used in case of a DR scenario.
Is this even feasible?
FYI, we are using Jira Software v8.3.1 on-prem, with Service Desk too.
Yes, switching user directory from an internal to an external will keep the ownership, as long as the usernames are the same in both directories. I went through a similar exercise a couple of months ago when we switched domains and at the same time user IDs. There was only a handful of users that got their avatars reset, everything else was kept intact. I would highly recommend setting up a test environment with data from your production so you can test it out without affecting your users.
Thanks very much for your input Mikael. I'll definitely be testing this (probably just snapshot the live VM and play on a copy). It's great news if it does behave this way!
Could I also ask, with respect to groups (e.g. jira-administrators / jira-software-users / jira-servicedesk-users etc), did you simply re-create the same named groups in AD and it all continued as usual?
Did it just take the AD groups' members and map them to the rights which those same named groups in Jira already have?
I am still using internal groups in Jira, that way I do not have to rely on our IT helpdesk to add users to the correct AD group. All I did was export the members in the current groups using the REST API, fix the user ID (stripping out @XXX.xxx from the email addresses), and re-add them to the correct groups.
You could use AD groups, then all you have to change is the global permissions.
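A pre-migration check for the approach described in the replies above (export group members, strip the @domain part, re-add), as an added example that is not part of the original thread. It flags internal accounts that would collapse onto one AD username and accounts with no AD match before any group membership is re-created; all names and data are constructed, and case-insensitive username matching is an assumption to confirm on your own instance.

```python
# Constructed sample data: group members as exported from the internal
# directory, and the usernames that exist in AD. Not real accounts.
INTERNAL_GROUPS = {
    "jira-administrators": ["JDoe@example.com", "asmith@example.com"],
    "jira-software-users": ["JDoe@example.com", "bwong@example.com",
                            "jdoe@corp.example.com", "contractor1@example.com"],
}
AD_USERS = ["jdoe", "ASmith", "bwong"]


def normalise(name):
    """Strip an @domain suffix and lowercase (assumed matching rule)."""
    return name.split("@", 1)[0].strip().lower()


def plan_migration(groups, ad_users):
    """Return (plan, collisions, missing) for re-adding users to groups.

    plan:       group -> usernames that are safe to re-add automatically
    collisions: username -> distinct internal accounts that map onto it;
                re-adding blindly would hand one person's group rights
                and issue ownership to another
    missing:    usernames with no AD account, which would keep
                authenticating against the internal directory only
    """
    ad = {normalise(u) for u in ad_users}
    sources = {}  # normalised username -> original internal names
    for members in groups.values():
        for member in members:
            sources.setdefault(normalise(member), set()).add(member)

    collisions = {u: sorted(names) for u, names in sources.items()
                  if len(names) > 1}
    missing = sorted(u for u in sources if u not in ad)

    plan = {}
    for group, members in groups.items():
        safe = {normalise(m) for m in members}
        plan[group] = sorted(u for u in safe
                             if u in ad and u not in collisions)
    return plan, collisions, missing


if __name__ == "__main__":
    plan, collisions, missing = plan_migration(INTERNAL_GROUPS, AD_USERS)
    print("re-add automatically:", plan)
    print("review by hand (identity collision):", collisions)
    print("no AD account:", missing)
```

Anything reported as a collision or as missing should be resolved manually on the test copy of the instance before the same steps are run in production.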