Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Sync Azure Active Directory Groups as Jira Service Desk "Organizations"

Is it possible to use Azure AD Groups, synced with Atlassian Cloud, to define a Jira Service Desk "Organization" so that group will have access to place requests via email or the portal? I want certain service desk portals to be only visible to specific members of my organization, but I don't want to have to constantly manage those users manually. If I could embed an AAD Group inside a JSD "Organization" that would accomplish my goal, but I don't see a way of doing that.

2 answers

Does anyone have any suggestions for this? It seems odd that Azure AD groups can be used to set product permissions, but not for Service Desk Portal and Email permissions.

Hi @Chris Adams I'm trying to do the same thing right now, were you ever able to find a solution?

Hi, Josh!

Unfortunately, no, I still have not found a good solution to this. Right now, I have all our JSM Projects open to anyone in our organization and have simply been guiding specific groups to the portal relevant to them by giving them direct links to the relevant projects and steering them away from the main portal hub which contains the search function and all the portals. Definitely not optimal, but it has been ok as a workaround.

Hey Chris,

sorry for the slow response, but I have kind of sorted out a way to do this. I sync AD groups to Jira in the normal way, then I created an Azure function app that runs daily, and makes some API calls to grab everyone in the orgs, and everyone in the related AD groups, then adds everyone to the org through the API calls. Seems to be working okay, and if you'd like I can share a more in depth view of the api stuff if you'd like to implement something similar.

Hey, Josh!

Thanks for the reply! That sounds great. I'd love to see more if you're able to share.

The general gist is:

Make API calls to [jiraUrl]/rest/servicedeskapi/organization/[org ID]/user on repeat until the isLastPage attribute is true, add everyone to a list.

Then make API calls to [jiraUrl]/rest/servicedeskapi/servicedesk/[serviceDeskId]/customer

on repeat until isLastPage is true, add everyone to a list.

 

All customers from AD sync will go to the customer list, so then just do some list comprehension stuff to get everyone in the customer list that isn't in the org list, then make a post call to [jiraUrl]/rest/servicedeskapi/organization/[org ID]/user

with all the account ID's, and it adds all customers to the org in one go.(doesn't seem to be a cap on ID's in one call, I added ~700 the first time in one call)

I have this script running daily to pick up new users and it's working great for my use case so far.

Like Chris Adams likes this

Josh,

Thanks so much for this. I probably won't have time to try it out for a little while, but it definitely sounds like a solution that could work for us!

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
Community showcase
Published in Jira Service Management

Submit your Jira Service Management use case and win!

Hi everyone - in case you haven’t heard, we’re hosting the show of the century on November 10th: High Velocity: ITSM World Tour.     This virtual, concert-themed experience...

276 views 1 10
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you