It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

managing Confluence and Jira user authentication with active directory groups

I have an installation with 100 Jira user licenses and 2000 Confluence user licenses. Right now, we are using the same AD group for authentication for both applications because we have not started widespread use of Confluence yet. (we are currently using 71 of the 100 Jira licenses)

I need to separate these groups out without losing the ability for some users to go back and forth between Jira and Confluence as the same user without re-authenticating. Is it as simple as creating a different AD group for the Confluence users? Will I have any issues with duplicate users if some members belong to both groups?

Thanks,

Michele

3 answers

Hi Michele,

I'm sure you will get a few different answers to this one...so here is one option. We had to do this about 2 years ago for the same reason. There were a couple things we did to get it to work with seamless 'back and forth' as you mention. The other reason we did it this way, was because of the requirements of the Security team for that organization - they wanted all permissions to be managed in the AD groups.

Also recommended, is that you spin up test instances and then configure and test whatever method you choose before rolling it out to your production instances. Be sure to test logging in as a member of each of the different groups below, and also as a JIRA 'internal' and Confluence 'internal' user' in your certifcation test.

1) Created the group structure in AD as below, then in the User Directory configuration, we enabled the Nested Groups option.

jira-users (members: sally, joe, tom, john)

jira-admins (members: susan, sam)

jira-sysadmins (michael)

wiki-users (members: sally, joe, tom, john, etc.)

wiki-admins (members: susan, sam)

wiki-sysadmins (michael)

2) map these groups to JIRA and Confluence (in Global Permissions)

3) added the context path of JIRA and WIKI to each instance. After doing this we had no issues going back and forth. For example:

http://yourhostname:8090/wiki/

http://yourhostname:8080/jira/

Here are the links to the context path documents.

https://confluence.atlassian.com/display/JIRAKB/How+to+change+the+JIRA+context+path

Another tip: we named the groups starting with WIKI in AD, becuase in the filter, we were picking up CONFerence rooms that were listed in AD. And the security team didn't want the filter and groups to be that long, so we changed it to something shorter and not starting with CONF.

Hope some of this helps.

Sorry forgot this other link:

https://confluence.atlassian.com/display/DOC/Configuring+the+Server+Base+URL

and, another step to make sure you update the BASE URL for each instance to include the new context path.

Thanks, Shari! This is a huge help.

-Michele

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Software

How to create Jira issus from Excel file?

When to use CSV importer When managing your processes in Jira, there are many occasions where you need to create a lot of tasks. Creating them one by one will cost you a lot of time and effort and i...

2,755 views 14 23
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you