Sync Azure Active Directory Groups as Jira Service Desk "Organizations"

Chris Adams June 30, 2020

Is it possible to use Azure AD Groups, synced with Atlassian Cloud, to define a Jira Service Desk "Organization" so that group will have access to place requests via email or the portal? I want certain service desk portals to be only visible to specific members of my organization, but I don't want to have to constantly manage those users manually. If I could embed an AAD Group inside a JSD "Organization" that would accomplish my goal, but I don't see a way of doing that.

2 answers

1 vote
Chris Adams October 30, 2020

Does anyone have any suggestions for this? It seems odd that Azure AD groups can be used to set product permissions, but not for Service Desk Portal and Email permissions.

0 votes
Josh Mohan March 30, 2021

Hi @Chris Adams, I'm trying to do the same thing right now. Were you ever able to find a solution?

Chris Adams March 31, 2021

Hi, Josh!

Unfortunately, no, I still have not found a good solution to this. Right now, I have all our JSM Projects open to anyone in our organization and have simply been guiding specific groups to the portal relevant to them by giving them direct links to the relevant projects and steering them away from the main portal hub which contains the search function and all the portals. Definitely not optimal, but it has been OK as a workaround.

Josh Mohan May 27, 2021

Hey Chris,

Sorry for the slow response, but I have kind of sorted out a way to do this. I sync AD groups to Jira in the normal way, then I created an Azure function app that runs daily and makes some API calls to grab everyone in the orgs and everyone in the related AD groups, then adds everyone to the org through the API calls. Seems to be working okay, and if you'd like I can share a more in-depth view of the API stuff if you'd like to implement something similar.

Chris Adams May 28, 2021

Hey, Josh!

Thanks for the reply! That sounds great. I'd love to see more if you're able to share.

Josh Mohan May 28, 2021

The general gist is:

Make API calls to [jiraUrl]/rest/servicedeskapi/organization/[org ID]/user on repeat until the isLastPage attribute is true, add everyone to a list.

Then make API calls to [jiraUrl]/rest/servicedeskapi/servicedesk/[serviceDeskId]/customer on repeat until isLastPage is true, add everyone to a list.

All customers from AD sync will go to the customer list, so then just do some list comprehension stuff to get everyone in the customer list that isn't in the org list, then make a POST call to [jiraUrl]/rest/servicedeskapi/organization/[org ID]/user with all the account IDs, and it adds all customers to the org in one go. (Doesn't seem to be a cap on IDs in one call; I added ~700 the first time in one call.)

I have this script running daily to pick up new users and it's working great for my use case so far.

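The daily sync Josh Mohan describes above, written out in Python as an added example (this is not his script). The `accountIds` request body, the `start`/`limit` paging parameters and the `X-ExperimentalApi: opt-in` header are assumptions taken from the Jira Service Management Cloud REST API rather than from the thread; the dry-run default and the `review` list go beyond the post, whose script only adds users.

```python
import base64
import json
import urllib.request

def make_client(jira_url, email, api_token):
    """Return call(method, path, body=None) using Jira Cloud basic auth with an API token."""
    auth = base64.b64encode(f"{email}:{api_token}".encode()).decode()
    headers = {"Authorization": f"Basic {auth}", "Accept": "application/json",
               "Content-Type": "application/json",
               "X-ExperimentalApi": "opt-in"}  # assumption: customer listing is experimental
    def call(method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(jira_url.rstrip("/") + path, data=data,
                                     headers=headers, method=method)
        with urllib.request.urlopen(req, timeout=30) as resp:
            raw = resp.read()
            return json.loads(raw) if raw else {}  # the POST may answer with no body
    return call

def fetch_account_ids(call, path, page_size=50):
    """Page through a servicedeskapi listing until isLastPage is true."""
    ids, start = set(), 0
    while True:
        page = call("GET", f"{path}?start={start}&limit={page_size}")
        values = page.get("values", [])
        ids.update(u["accountId"] for u in values if u.get("accountId"))
        if page.get("isLastPage", True) or not values:  # empty page: stop, never loop forever
            return ids
        start += len(values)

def sync_org(call, org_id, service_desk_id, dry_run=True):
    """Add service desk customers missing from the organization; report the reverse gap."""
    org_path = f"/rest/servicedeskapi/organization/{org_id}/user"
    cust_path = f"/rest/servicedeskapi/servicedesk/{service_desk_id}/customer"
    members = fetch_account_ids(call, org_path)
    customers = fetch_account_ids(call, cust_path)
    to_add = sorted(customers - members)
    # Not in the post: the sync is add-only, so list org members the customer
    # listing did not return and leave any removal to a human reviewer.
    review = sorted(members - customers)
    if to_add and not dry_run:
        call("POST", org_path, {"accountIds": to_add})  # one call, as in the post
    return {"to_add": to_add, "review": review}
```

Check the dry-run result before passing `dry_run=False`, and keep the API token out of the script itself (for example in the function app's application settings).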
Chris Adams June 15, 2021

Josh,

Thanks so much for this. I probably won't have time to try it out for a little while, but it definitely sounds like a solution that could work for us!

Deployment type: Cloud
Product plan: Standard
Permissions level: Site Admin