Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Assigning default groups or permissions to users from SSO

Chris Payne
Chris Payne March 31, 2021

JIRA Cloud.

So we've integrated with Azure AD using SAML. I've created an AD group for all our JIRA users, and I've granted that group application access in JIRA. Users sync over to JIRA just fine, and they can log in.

The problem is they can't access anything after logging in. I have to manually go add them to the jira-software-users group before they can see any projects, tickets, etc. I can't find any way to either automatically assign the jira-software-users group for these synced users, or to grant my custom AD group the same permissions from jira-software-users. Once they are assigned to jira-software-users, they are able to access everything as I expect (per the in-place permissions of course).

In my searching, the only reference I can find is about the "jira-users" role in the Global permissions section, but I don't see that role in there at all. I'm guessing that was removed since 2015, because I can't find any newer instructions on this.

Does anyone have a way to either:

1. Automatically assign the jira-software-users group to new users synced from SSO?

2. Grant a custom group the permissions necessary to view projects/tickets, in effect making it like the jira-software-users group?

I'm specifically calling out JIRA here, but the same goes for our confluence users.

Answer
Watch
Like Carlos Villavicencio Sanchez likes this
1621 views

2 answers

0 votes
Mustafa Mansour
Mustafa Mansour May 25, 2024

It's quite surprising that we haven't received an answer or solution for this yet :(

Reply
0 votes
Alexis Robert
Alexis Robert
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 31, 2021

Hi @Chris Payne , 

 

I can confirm that this is something that you can achieve with Atlassian Access and Azure AD. It is part of the Provisionning feature, you can have a look at this tutorial from Microsoft on how to set it up : https://docs.microsoft.com/fr-fr/azure/active-directory/saas-apps/atlassian-cloud-provisioning-tutorial

 

Basically, this will give you an option to map your Azure AD groups to a default access group (giving access to Jira, Confluence, etc).

 

Let em know if this helps, 

 

--Alexis

View More Comments
Chris Payne
Chris Payne April 5, 2021

We've already gone through that guide - that is how we set up SSO and user-provisioning in the first place. But that guide does not tell us how to map default groups, or how to set the group permissions in JIRA. . 

Like # people like this
admin-nwalter
admin-nwalter May 3, 2022

Unbelievable that there is still no answer after all this time.

Like # people like this
Dave Schultz
Dave Schultz May 18, 2022

You can assign default access to the site or to the product by way of an externally sync'd group, but you can't (as far as I can tell) grant Global Permissions to an externally sync'd group.  I'm waiting to hear back from support on whether this is possible and how to accomplish it.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events