JIRA Cloud.
So we've integrated with Azure AD using SAML. I've created an AD group for all our JIRA users, and I've granted that group application access in JIRA. Users sync over to JIRA just fine, and they can log in.
The problem is they can't access anything after logging in. I have to manually go add them to the jira-software-users group before they can see any projects, tickets, etc. I can't find any way to either automatically assign the jira-software-users group for these synced users, or to grant my custom AD group the same permissions from jira-software-users. Once they are assigned to jira-software-users, they are able to access everything as I expect (per the in-place permissions of course).
In my searching, the only reference I can find is about the "jira-users" role in the Global permissions section, but I don't see that role in there at all. I'm guessing that was removed since 2015, because I can't find any newer instructions on this.
Does anyone have a way to either:
1. Automatically assign the jira-software-users group to new users synced from SSO?
2. Grant a custom group the permissions necessary to view projects/tickets, in effect making it like the jira-software-users group?
I'm specifically calling out JIRA here, but the same goes for our confluence users.
It's quite surprising that we haven't received an answer or solution for this yet :(
Hi @Chris Payne ,
I can confirm that this is something that you can achieve with Atlassian Access and Azure AD. It is part of the Provisionning feature, you can have a look at this tutorial from Microsoft on how to set it up : https://docs.microsoft.com/fr-fr/azure/active-directory/saas-apps/atlassian-cloud-provisioning-tutorial
Basically, this will give you an option to map your Azure AD groups to a default access group (giving access to Jira, Confluence, etc).
Let em know if this helps,
--Alexis
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We've already gone through that guide - that is how we set up SSO and user-provisioning in the first place. But that guide does not tell us how to map default groups, or how to set the group permissions in JIRA. .
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can assign default access to the site or to the product by way of an externally sync'd group, but you can't (as far as I can tell) grant Global Permissions to an externally sync'd group. I'm waiting to hear back from support on whether this is possible and how to accomplish it.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.