It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Can AD groups be added to a Project Role

I've configured Active Directory integration for Jira configured for Read Only with Local Groups which works, AD user account and AD groups are presented under User Management. The AD groups are an AD eqivalent of the 3 internal groups that are automatically created (jira-software, jira-servicedesk, jira-adminstrators). 

I've applied the AD groups to the Application Access for Jira Software and Jira Servidesk alongside the existing internal groups (jira-software, jira-servicedesk, jira-adminstrators).

I've also applied the AD groups to the 6x Global Permissions, again to match the internal groups. i.e. AD\JIRA_Admin to Jira System Adminstrators etc

I've read that using Global permissions is not the optimal approach and therefore, specifically for the Service Desk project, I want to apply the AD groups to the Project roles. However it only seems to present users and internal Jira groups and not the AD groups. Is this not supported / recommended?

Should I put the AD groups into the internal jira groups instead and use them?

e.g.

AD user -> AD group -> Internal Jira Group ->Project Role

AD user -> AD group -> Internal Jira Group -><global permission>

I assume putting AD groups into internal Jira groups is supported?

Thanks in advance,

1 answer

0 votes
Steven Behnke Community Leader Aug 05, 2017

I'm confused by this question to be honest. I'm not sure exactly what the problem is.

Can you describe which method you used to connect the active directory server to jira?

When you integrate active directory with jira, the groups that are present in AD will be synced to groups in JIRA. Thus, you can use the AD groups within Global Permissions and Project Roles.

If this isn't working please show us how you configured it.

Hi Steven, thanks for the reply.

I've learnt / established a couple of things since the orginal post.

Firstly (and I've read posts about this - albeit they are old), the nesting of external (AD) groups in to local directory groups is not supported / doesn't work, even though the interface appears to let you configure it as so. I understand you can nest internal into internal and external into external but beyond that no.

Secondly the interface for adding groups to a Project Role does not autocomplete when specify an AD group and only the local users and groups are shown as you type. Once I'd typed / pasted the entire AD group into the field it worked.

I've now got nesting switched off for both the local and remote directory, applied my AD control groups to 'Application Access' for Jira Software and Jira Servicedesk , applied a Jira Admin AD group  to the 6x Global Permissions, and the Service Desk AD group to the role of Service Desk Team in the Servicedesk Project and all seems to be good.

Steven Behnke Community Leader Aug 07, 2017

Well, nesting should work - The structure appears flat to JIRA though. If you're a direct or indirect member of a group, you appear as being a direct member of the group in JIRA. This is obviously a simplification of how it works but it should suit most purposes.

I would like to poing out this KB article: https://confluence.atlassian.com/jirakb/user-picker-autocomplete-field-does-not-work-280068827.html

Can you validate the two items:

  • JIRA Browse Users Permission?
  • What is the size of the directory you added? You SHOULD be filtering down a directory if it's quite large, this is an extremely common mistake. (I'm talking thousands and thousands of users and groups) If your directory is huge the search may not work quickly.

Have you run a background index since adding the users? I'm not sure but that may be a possibility.

I'm having the exact same issue, AD groups are not showing up on the Project "Add users to a role" search unless I type the entire name of the security group.

I am filtering down to the OU security groups are included in, and we do not have thousands of users or security groups.

Steven Behnke Community Leader Oct 11, 2019

I have this problem if I use the wrong case. If I use the proper casing, it autocompletes. Probably goes to show that groups should be normalized to lowercase or something.

@Steven Behnke 

Interesting, you're absolutely correct. The filters are not case sensitive, but the automatic searches in input boxes are.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Jira

The add-in you’ve been waiting for: Jira Cloud for Excel 🙌

Introducing Jira Cloud for Excel Here at the product integrations team at Atlassian, we are thrilled to announce the new Jira Cloud for Excel add-in! This add-in lets you export Jira data directly ...

932 views 8 25
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you