JIRA - LDAP Integration

Jess Beitler June 7, 2019

Has anyone integrated their JIRA instance with LDAP? We use AD and are planning to integrate JIRA w/ LDAP to make things easier. What was your experience in doing this? Was the process smooth and are there any issues that may pop up in doing this?

3 answers

0 votes
Jess Beitler June 7, 2019

Thanks for the responses. I have another question. If there are inactive users w/ associations, what happens to those associations when we finally do integrate JIRA with LDAP?

0 votes
Johan Soetens _Dumblefy_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 7, 2019

Hello Jess,

it's not that hard but here are some random tips:

  • I recommend having a system engineer with good AD knowledge with you while doing the actual configuration
  • You can use multiple user directories in Jira, the order in which they’re configured matters for group management and for passwords. You need to know the different configuration options such as Read Only, Read Only with Local Groups and Read Write.
  • Know which password will be the master password when a user exists in multiple user directories.

  • There are great docs by Atlassian to refer to:
  • When using nested groups, you can't use an  LDAP directory for delegated authentication
0 votes
Jon Espen Ingvaldsen Kantega SSO
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 7, 2019

Hi @Jess Beitler 


It is built-in functionality in Jira to setup LDAP user directories, either as a synchronized Active Directory or delegated LDAP with local write permissions. With delegated LDAP, Jira has only knowledge about users which have logged in at least once.

It should be quite straight forward to set it up. In the User Management configurations you find a page for User Directories and here you can add your LDAP user directories. Note that, if you have multiple directories active, the user lookup happening when users log in is done according to the user directory order (see up and down arrows in the user directory table).

With a LDAP user directory in Jira, your AD users should be able to log in with their AD credentials.  With AD and the Kantega SSO app for Jira , you can also setup Kerberos to give all users on a trusted network direct and password-free access to Jira. Kerberos works also in combination with other SSO mechanisms such as SAML.

Regards,
Jon Espen

Full disclosure: I work for Kantega SSO, a top marketplace vendor.

Suggest an answer

Log in or Sign up to answer