Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Assigning default groups or permissions to users from SSO

JIRA Cloud.

So we've integrated with Azure AD using SAML. I've created an AD group for all our JIRA users, and I've granted that group application access in JIRA. Users sync over to JIRA just fine, and they can log in.

The problem is they can't access anything after logging in. I have to manually go add them to the jira-software-users group before they can see any projects, tickets, etc. I can't find any way to either automatically assign the jira-software-users group for these synced users, or to grant my custom AD group the same permissions from jira-software-users. Once they are assigned to jira-software-users, they are able to access everything as I expect (per the in-place permissions of course).

In my searching, the only reference I can find is about the "jira-users" role in the Global permissions section, but I don't see that role in there at all. I'm guessing that was removed since 2015, because I can't find any newer instructions on this.

Does anyone have a way to either:

1. Automatically assign the jira-software-users group to new users synced from SSO?

2. Grant a custom group the permissions necessary to view projects/tickets, in effect making it like the jira-software-users group?

I'm specifically calling out JIRA here, but the same goes for our confluence users.

1 answer

0 votes
Alexis Robert Community Leader Mar 31, 2021

Hi @Chris Payne , 


I can confirm that this is something that you can achieve with Atlassian Access and Azure AD. It is part of the Provisionning feature, you can have a look at this tutorial from Microsoft on how to set it up :


Basically, this will give you an option to map your Azure AD groups to a default access group (giving access to Jira, Confluence, etc).


Let em know if this helps, 



We've already gone through that guide - that is how we set up SSO and user-provisioning in the first place. But that guide does not tell us how to map default groups, or how to set the group permissions in JIRA. . 

Like # people like this

Unbelievable that there is still no answer after all this time.

Like Dave Schultz likes this

You can assign default access to the site or to the product by way of an externally sync'd group, but you can't (as far as I can tell) grant Global Permissions to an externally sync'd group.  I'm waiting to hear back from support on whether this is possible and how to accomplish it.

Suggest an answer

Log in or Sign up to answer

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you