Is Jira Asset Management account must be in on-premises Domain Administrators Group?

Hello @Michael Zolotarsky 

Jira Asset Management account does not need to be in the on-premises Domain Administrators Group. Having Domain Admin rights is excessive and not recommended due to security risks. Instead, the account needs the minimum necessary permissions to manage assets in the domain, typically delegated write permissions for relevant Active Directory organizational units or asset locations. These permissions should allow the account to read and write asset attributes without granting full domain control, adhering to the principle of least privilege. This ensures secure, efficient asset management without overexposing critical domain controls. This approach balances functionality with security best practices for on-premises integrations with Jira Asset Management.

Hi @Michael Zolotarsky , 

The answer is no, the account does not need to be in the Domain Administrators group, as that's excessive and a security risk. Instead, it needs minimal read-only permissions tailored to your use case (e.g., querying or importing users/groups as assets).

If you're just syncing users for Jira login (not Assets-specific), the minimum is "Read-only" access on users.