We're currently using Jira's internal directory to keep the group "jira-software-users" and an LDAP-server for all other groups and users as seen in the picture.
What I'd now like to do is give up on the internal directory altogether and move "jira-software-users" (and preferrably other Jira groups like admins) into LDAP as well for easier maintenance.
However, as per https://confluence.atlassian.com/adminjiraserver/migrating-users-between-user-directories-938847059.html the "Additional Configuration & Troubleshooting" doesn't show me any option to move groups between user directories.
So my question is: is it possible at all to have "jira-*" groups in LDAP and LDAP only? And what would be a way to actually move them from the internal directory to our LDAP?
Many thanks in advance!
I have solved this, by going to "Applications -> Application access" as admin and adding my LDAP group under "Jira Software". Then admins etc. stay in the local Jira groups and user onboarding occurs by adding them to my LDAP group as now they count towards my license.
I would strongly recommend against this action and the abandonment of the internal directory.
If you disable the internal directory and your LDAP link or authorization system fails, you will be locked out of Jira.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Good point! That would be true for "jira-administrators". But what if I want to "outsource" merely "jira-software-users" for the sake of an easier overall user on- and off-boarding?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It has been a while since I worked with Jira Server, but as I recall there was a way to specify that members of specified user groups in your authorization directory be automatically added to the jira-software-users group in order to be granted access, or to change the default group for Application Access to a user group from your AD.
I don't have access to a Server instance at this time to work through experimentation on this, so I'll have to defer to other community members.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.