Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
badges earned

Your Points Tracker
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Assigning default groups or permissions to users from SSO

JIRA Cloud.

So we've integrated with Azure AD using SAML. I've created an AD group for all our JIRA users, and I've granted that group application access in JIRA. Users sync over to JIRA just fine, and they can log in.

The problem is they can't access anything after logging in. I have to manually go add them to the jira-software-users group before they can see any projects, tickets, etc. I can't find any way to either automatically assign the jira-software-users group for these synced users, or to grant my custom AD group the same permissions from jira-software-users. Once they are assigned to jira-software-users, they are able to access everything as I expect (per the in-place permissions of course).

In my searching, the only reference I can find is about the "jira-users" role in the Global permissions section, but I don't see that role in there at all. I'm guessing that was removed since 2015, because I can't find any newer instructions on this.

Does anyone have a way to either:

1. Automatically assign the jira-software-users group to new users synced from SSO?

2. Grant a custom group the permissions necessary to view projects/tickets, in effect making it like the jira-software-users group?

I'm specifically calling out JIRA here, but the same goes for our confluence users.

1 answer

0 votes
Alexis Robert Community Leader Mar 31, 2021

Hi @Chris Payne , 


I can confirm that this is something that you can achieve with Atlassian Access and Azure AD. It is part of the Provisionning feature, you can have a look at this tutorial from Microsoft on how to set it up :


Basically, this will give you an option to map your Azure AD groups to a default access group (giving access to Jira, Confluence, etc).


Let em know if this helps, 



We've already gone through that guide - that is how we set up SSO and user-provisioning in the first place. But that guide does not tell us how to map default groups, or how to set the group permissions in JIRA. . 

Suggest an answer

Log in or Sign up to answer

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you