It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Can you nest domain groups into a jira-local group?

I want to nest groups for various purposes. Some of that is already managed on AD, and I want to have a local Jira group leveraging AD groups.

But...


I must be misreading something here, as there seems to be a contradiction:

https://confluence.atlassian.com/adminjiraserver081/managing-nested-groups-970608768.html#Managingnestedgroups-flattenedlists


>>You can't nest an internal group in an external group or vice versa.


In my eyes that reads:
(1) You cannot nest domain groups under Jira local groups

But, in the second example:

>>Add the [domain] engineering-group as a sub-group of jira-developers [which is an out of the box LOCAL group].

which is
(2) an example of nesting a domain group under a local group.


(1) <> (2)

So... what am I missing here? Can you or can you not nest domain groups into a jira-local group?


Thanks,
Mike

 

1 answer

1 vote

Hey @Petra Goldstein 

At least in Crowd (which is what user management in JIRA/confluence etc is all based on anyway), you’re able to place a remote group (ad/ldap) in a local group. 

The documentation you’ve referenced does seem contradictory. I’d just give it a try!

 

NB: you cannot currently nest an azure ad group in a local crowd group. 


CCM

Thanks, I actually gave it a try and it worked within the limited testing I have performed. 

But the reason I ask is that perhaps something is meant by those Atlassian statements in the docs that would be a reason to reconsider, or give the matter deeper thought. I feel I may be simply missing something. 

FWIW, we are using Jira Server (hosted locally) without Crowd.

Thanks,

Mike

P.S.

  1. Using Jira v8.5.0 
  2. (On a side note, I must say that the implementation of the nested groups is quite cumbersome with UI functionality that behaves like a neglected patch, which makes one wonder overall about it. For example when you look at a group in the standard interface, you cannot tell that other groups are included in it. To see that you have to go to the "special" location and search for that kind of information, and only if you know exactly what you are searching for you can see it. A far cry from self-documenting of the structure one is looking at. Are they trying to encourage users not to use it?).

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you