I've configured Active Directory integration for Jira configured for Read Only with Local Groups which works, AD user account and AD groups are presented under User Management. The AD groups are an AD eqivalent of the 3 internal groups that are automatically created (jira-software, jira-servicedesk, jira-adminstrators).
I've applied the AD groups to the Application Access for Jira Software and Jira Servidesk alongside the existing internal groups (jira-software, jira-servicedesk, jira-adminstrators).
I've also applied the AD groups to the 6x Global Permissions, again to match the internal groups. i.e. AD\JIRA_Admin to Jira System Adminstrators etc
I've read that using Global permissions is not the optimal approach and therefore, specifically for the Service Desk project, I want to apply the AD groups to the Project roles. However it only seems to present users and internal Jira groups and not the AD groups. Is this not supported / recommended?
Should I put the AD groups into the internal jira groups instead and use them?
AD user -> AD group -> Internal Jira Group ->Project Role
AD user -> AD group -> Internal Jira Group -><global permission>
I assume putting AD groups into internal Jira groups is supported?
Thanks in advance,
I'm confused by this question to be honest. I'm not sure exactly what the problem is.
Can you describe which method you used to connect the active directory server to jira?
When you integrate active directory with jira, the groups that are present in AD will be synced to groups in JIRA. Thus, you can use the AD groups within Global Permissions and Project Roles.
If this isn't working please show us how you configured it.
Hi Steven, thanks for the reply.
I've learnt / established a couple of things since the orginal post.
Firstly (and I've read posts about this - albeit they are old), the nesting of external (AD) groups in to local directory groups is not supported / doesn't work, even though the interface appears to let you configure it as so. I understand you can nest internal into internal and external into external but beyond that no.
Secondly the interface for adding groups to a Project Role does not autocomplete when specify an AD group and only the local users and groups are shown as you type. Once I'd typed / pasted the entire AD group into the field it worked.
I've now got nesting switched off for both the local and remote directory, applied my AD control groups to 'Application Access' for Jira Software and Jira Servicedesk , applied a Jira Admin AD group to the 6x Global Permissions, and the Service Desk AD group to the role of Service Desk Team in the Servicedesk Project and all seems to be good.
Well, nesting should work - The structure appears flat to JIRA though. If you're a direct or indirect member of a group, you appear as being a direct member of the group in JIRA. This is obviously a simplification of how it works but it should suit most purposes.
I would like to poing out this KB article: https://confluence.atlassian.com/jirakb/user-picker-autocomplete-field-does-not-work-280068827.html
Can you validate the two items:
Have you run a background index since adding the users? I'm not sure but that may be a possibility.
Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot