Thanks. I meant to see if others had issues with Okta and jira on-prem and the attribute autoAddGroups when syncing all of it through AD.
First off, existing users are working fine. New users will be created when the User directory syncs with AD. BUT, not added to the JIRA USERS group. So their first experience of attempting to login to jira is for the browsers sending them to OKTA to authenticate then sent to JIRA where they are rejected because they don’t belong to JIRA USERS.
Before OKTA we had it configured in our global permissions as such:
JIRA Users
Ability to log in to JIRA. They are a 'user'. Any new users created will automatically join these groups, unless those groups have JIRA System Administrators or JIRA Administrators permissions.
Note: All users need this permission to log in to JIRA, even if they have other permissions.
Where the group used is the same as the autoAddGroup attribute.
from the docs:
In Confluence 3.5.2 and later, and JIRA 4.3.3 and later: The first time a user logs in, their group memberships will be checked. If the user does not belong to the specified group(s), their username will be added to the group(s). If a group does not yet exist, it will be added locally. On subsequent logins, the username will not be added automatically to any groups. This change in behavior allows users to be removed from automatically-added groups. In Confluence 3.5 and 3.5.1, they would be re-added upon next login.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.