How do I switch JIRA from using ActiveDirectory to Crowd?

Initially we started with just JIRA, but have been slowly using more Atlassian products, and have now installed Crowd. Both connect to ActiveDirectory in an identical way: same user, same configuration.

JIRA still authenticates directly to ActiveDirectory; are there any considerations or best practices to switch it to using Crowd?

I will ensure I have an admin account working in the internal directory, so I don't get locked out,

Specifically:

  • Since usernames match, will they still be the "same" user when logged into the Crowd-provided account instead of the AD-provided account? (eg, preserve profile, assigned tickets, etc)
  • Is there any consideration I should give to permissions/groups?
  • What order should I enable/disable the directories in? Eg, should I enable Crowd before disabling AD, and will anything happen since there are duplicate users?
  • Any other suggestions?

3 answers

1 accepted

Hi Greg,

I believe it will be a transparent turn-over. After configuring AD in Crowd, you'll need to integrate JIRA with Crowd. Please take a look on the following doc:
- https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+JIRA

After that, when you browse to Administration -> User Directories, you will have three user directories listed in JIRA: Crowd, AD and the JIRA Internal User directory.
JIRA will try to authenticate its user first on the directory which is on the top (the first one), so all you'll need to do is move Crowd for the top. Ask for some users try to login, and if it works, you can just disable the AD one. Since you won't have any changes on the usernames, the users won't even note the difference. :)

You can have more information about managing multiple directories in JIRA here.

Best regards,
Lucas Timm

I did lose avatars and some profile stuff in the switch, but otherwise associations of ticket owners/assignment etc stayed and worked normally.

One trick is that you can't disable the directory you logged in from. I did this using an admin user in the 'JIRA internal' directory, so I was able to create the crowd and disable the AD directory. I used a second browser to test logging in.

Hi Greg,

According to my understanding if users from your AD directory are same users, basically the users will be the same and will keep the same profile because these suers have the same user name.

If these groups are from AD for example you wil not have problems with membership.

You can disable the AD directory and create this new directory into Crowd to synchronize AD, and then create the crowd directory directly in Confluence.

Please check these documentation for more information.

https://confluence.atlassian.com/display/CROWD/Configuring+an+LDAP+Directory+Connector

https://confluence.atlassian.com/display/DOC/Connecting+to+Crowd+or+JIRA+for+User+Management

Feel free to comment!

Switching from Confluence --> LDAP (but not using LDAP for groups) to Confluence --> Crowd --> LDAP I'm losing all the user to internal group mappings. When I switch to Crowd for authenication, all the internal Crowd groups disappear and all I have are the groups imported from CROWD / LDAP.

Is this correct behavior?

This is exactly the behavior I found in testing for both Jira and Confluence. Both Crowd and Jira (ldap) were pointing at the same external ldap, with same groups/users (crowd actually had more).

For both confluence and jira basically the jira-* (users, admins, etc), and confluence-* (users, admins) lost there mapping.

We didn't change anything else, and my understand was that upon first logon that the person (in the case of jira) when then be re-added to jira-user.

I have jira connected as Read/Write to Crowd, but crowd to ldap is read-only, so crowd would manage anything additional internal afaik.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,975 views 12 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot