How do I switch JIRA from using ActiveDirectory to Crowd?

Initially we started with just JIRA, but have been slowly using more Atlassian products, and have now installed Crowd. Both connect to ActiveDirectory in an identical way: same user, same configuration.

JIRA still authenticates directly to ActiveDirectory; are there any considerations or best practices to switch it to using Crowd?

I will ensure I have an admin account working in the internal directory, so I don't get locked out,

Specifically:

  • Since usernames match, will they still be the "same" user when logged into the Crowd-provided account instead of the AD-provided account? (eg, preserve profile, assigned tickets, etc)
  • Is there any consideration I should give to permissions/groups?
  • What order should I enable/disable the directories in? Eg, should I enable Crowd before disabling AD, and will anything happen since there are duplicate users?
  • Any other suggestions?

3 answers

1 accepted

Hi Greg,

I believe it will be a transparent turn-over. After configuring AD in Crowd, you'll need to integrate JIRA with Crowd. Please take a look on the following doc:
- https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+JIRA

After that, when you browse to Administration -> User Directories, you will have three user directories listed in JIRA: Crowd, AD and the JIRA Internal User directory.
JIRA will try to authenticate its user first on the directory which is on the top (the first one), so all you'll need to do is move Crowd for the top. Ask for some users try to login, and if it works, you can just disable the AD one. Since you won't have any changes on the usernames, the users won't even note the difference. :)

You can have more information about managing multiple directories in JIRA here.

Best regards,
Lucas Timm

I did lose avatars and some profile stuff in the switch, but otherwise associations of ticket owners/assignment etc stayed and worked normally.

One trick is that you can't disable the directory you logged in from. I did this using an admin user in the 'JIRA internal' directory, so I was able to create the crowd and disable the AD directory. I used a second browser to test logging in.

Hi Greg,

According to my understanding if users from your AD directory are same users, basically the users will be the same and will keep the same profile because these suers have the same user name.

If these groups are from AD for example you wil not have problems with membership.

You can disable the AD directory and create this new directory into Crowd to synchronize AD, and then create the crowd directory directly in Confluence.

Please check these documentation for more information.

https://confluence.atlassian.com/display/CROWD/Configuring+an+LDAP+Directory+Connector

https://confluence.atlassian.com/display/DOC/Connecting+to+Crowd+or+JIRA+for+User+Management

Feel free to comment!

Switching from Confluence --> LDAP (but not using LDAP for groups) to Confluence --> Crowd --> LDAP I'm losing all the user to internal group mappings. When I switch to Crowd for authenication, all the internal Crowd groups disappear and all I have are the groups imported from CROWD / LDAP.

Is this correct behavior?

This is exactly the behavior I found in testing for both Jira and Confluence. Both Crowd and Jira (ldap) were pointing at the same external ldap, with same groups/users (crowd actually had more).

For both confluence and jira basically the jira-* (users, admins, etc), and confluence-* (users, admins) lost there mapping.

We didn't change anything else, and my understand was that upon first logon that the person (in the case of jira) when then be re-added to jira-user.

I have jira connected as Read/Write to Crowd, but crowd to ldap is read-only, so crowd would manage anything additional internal afaik.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Amir Kazemi
Posted 5 hours ago in Jira

We want to know what Jira Service Desk apps you're using!

Hi Community! My name is Amir and I’m on the Jira Service Desk product marketing team at Atlassian. Our team would love to understand how you’re leveraging our ecosystem for Jira Service Desk. Wha...

22 views 0 4
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you