JIRA - LDAP Integration

Has anyone integrated their JIRA instance with LDAP? We use AD and are planning to integrate JIRA w/ LDAP to make things easier. What was your experience in doing this? Was the process smooth and are there any issues that may pop up in doing this?

3 comments

Hi @Jess Beitler

It is built-in functionality in Jira to set up LDAP user directories, either as a synchronized Active Directory or delegated LDAP with local write permissions. With delegated LDAP, Jira only has knowledge of users who have logged in at least once.

It should be quite straightforward to set it up. In the User Management configurations you find a page for User Directories and here you can add your LDAP user directories. Note that, if you have multiple directories active, the user lookup happening when users log in is done according to the user directory order (see up and down arrows in the user directory table).

With an LDAP user directory in Jira, your AD users should be able to log in with their AD credentials. With AD and the Kantega SSO app for Jira, you can also set up Kerberos to give all users on a trusted network direct and password-free access to Jira. Kerberos also works in combination with other SSO mechanisms such as SAML.

Regards,
Jon Espen

Full disclosure: I work for Kantega SSO, a top marketplace vendor.

Hello Jess,

It's not that hard, but here are some random tips:

  • I recommend having a system engineer with good AD knowledge with you while doing the actual configuration
  • You can use multiple user directories in Jira; the order in which they’re configured matters for group management and for passwords. You need to know the different configuration options such as Read Only, Read Only with Local Groups and Read Write.
  • Know which password will be the master password when a user exists in multiple user directories.

  • There are great docs by Atlassian to refer to:
  • When using nested groups, you can't use an LDAP directory for delegated authentication

Thanks for the responses. I have another question. If there are inactive users w/ associations, what happens to those associations when we finally do integrate JIRA with LDAP?
