Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,364,109
Community Members
 
Community Events
168
Community Groups

Move jira-software-users group from internal directory to LDAP

Edited

We're currently using Jira's internal directory to keep the group "jira-software-users" and an LDAP-server for all other groups and users as seen in the picture.

Screenshot 2022-08-24 at 16-47-15 User Directories - Jira.png

What I'd now like to do is give up on the internal directory altogether and move "jira-software-users" (and preferrably other Jira groups like admins) into LDAP as well for easier maintenance.

However, as per https://confluence.atlassian.com/adminjiraserver/migrating-users-between-user-directories-938847059.html the "Additional Configuration & Troubleshooting" doesn't show me any option to move groups between user directories.

So my question is: is it possible at all to have "jira-*" groups in LDAP and LDAP only? And what would be a way to actually move them from the internal directory to our LDAP?

Many thanks in advance!

2 answers

1 accepted

0 votes
Answer accepted

I have solved this, by going to "Applications -> Application access" as admin and adding my LDAP group under "Jira Software". Then admins etc. stay in the local Jira groups and user onboarding occurs by adding them to my LDAP group as now they count towards my license.

1 vote

I would strongly recommend against this action and the abandonment of the internal directory.

If you disable the internal directory and your LDAP link or authorization system fails, you will be locked out of Jira.

Good point! That would be true for "jira-administrators". But what if I want to "outsource" merely "jira-software-users" for the sake of an easier overall user on- and off-boarding?

It has been a while since I worked with Jira Server, but as I recall there was a way to specify that members of specified user groups in your authorization directory be automatically added to the jira-software-users group in order to be granted access, or to change the default group for Application Access to a user group from your AD.

I don't have access to a Server instance at this time to work through experimentation on this, so I'll have to defer to other community members.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
TAGS

Atlassian Community Events