Hi Kishan,

Yes, I already configure a ldap user directory under user management. currently all user within that ldap group can access jira and jira service desk without login.

However, what we really required is that users out of ldap group can access Jira Service Desk using Saml SSO

Any idea on how to configure this?

changed

If you want all your organization employees to be able to login to service desk, you will have to get a separate LDAP bind account created which will sync all your org's employees info to Jira. You need to configure that as a separate user directory, so that those users can login with SSO. This way you don't need to use JIT provisioning. Hope this helps.

Hi Kishan,

thx for your idea,

It's because that our whole organization is too big. we are afraid that sync these all members into our jira will cause too much pressure on jira.  

Hence what we really want is idp can provide authenticate to all members whenever they access service desk .  Rather than import all user into jira in advance.

I think the bottleneck would be how ADFS IDP can authenticate all members.

Hi @Mengmeng Yu 

In that case, you will need to configure this directory as "Internal with LDAP Authentication User Directory" which will not sync all your org's users to Jira, but will only add users to the internal directory when they try to login to Jira and it will just check their password against the LDAP directory.

You can read about it here Connecting to an internal directory with LDAP authentication 

This option also helps to avoid the performance issues that may result from downloading large numbers of groups from LDAP.

Hi Kishan,

thx for your patient help