How do I switch JIRA from using ActiveDirectory to Crowd?

Initially we started with just JIRA, but have been slowly using more Atlassian products, and have now installed Crowd. Both connect to ActiveDirectory in an identical way: same user, same configuration.

JIRA still authenticates directly to ActiveDirectory; are there any considerations or best practices to switch it to using Crowd?

I will ensure I have an admin account working in the internal directory, so I don't get locked out,

Specifically:

  • Since usernames match, will they still be the "same" user when logged into the Crowd-provided account instead of the AD-provided account? (eg, preserve profile, assigned tickets, etc)
  • Is there any consideration I should give to permissions/groups?
  • What order should I enable/disable the directories in? Eg, should I enable Crowd before disabling AD, and will anything happen since there are duplicate users?
  • Any other suggestions?

3 answers

1 accepted

Hi Greg,

I believe it will be a transparent turn-over. After configuring AD in Crowd, you'll need to integrate JIRA with Crowd. Please take a look on the following doc:
- https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+JIRA

After that, when you browse to Administration -> User Directories, you will have three user directories listed in JIRA: Crowd, AD and the JIRA Internal User directory.
JIRA will try to authenticate its user first on the directory which is on the top (the first one), so all you'll need to do is move Crowd for the top. Ask for some users try to login, and if it works, you can just disable the AD one. Since you won't have any changes on the usernames, the users won't even note the difference. :)

You can have more information about managing multiple directories in JIRA here.

Best regards,
Lucas Timm

I did lose avatars and some profile stuff in the switch, but otherwise associations of ticket owners/assignment etc stayed and worked normally.

One trick is that you can't disable the directory you logged in from. I did this using an admin user in the 'JIRA internal' directory, so I was able to create the crowd and disable the AD directory. I used a second browser to test logging in.

Hi Greg,

According to my understanding if users from your AD directory are same users, basically the users will be the same and will keep the same profile because these suers have the same user name.

If these groups are from AD for example you wil not have problems with membership.

You can disable the AD directory and create this new directory into Crowd to synchronize AD, and then create the crowd directory directly in Confluence.

Please check these documentation for more information.

https://confluence.atlassian.com/display/CROWD/Configuring+an+LDAP+Directory+Connector

https://confluence.atlassian.com/display/DOC/Connecting+to+Crowd+or+JIRA+for+User+Management

Feel free to comment!

Switching from Confluence --> LDAP (but not using LDAP for groups) to Confluence --> Crowd --> LDAP I'm losing all the user to internal group mappings. When I switch to Crowd for authenication, all the internal Crowd groups disappear and all I have are the groups imported from CROWD / LDAP.

Is this correct behavior?

This is exactly the behavior I found in testing for both Jira and Confluence. Both Crowd and Jira (ldap) were pointing at the same external ldap, with same groups/users (crowd actually had more).

For both confluence and jira basically the jira-* (users, admins, etc), and confluence-* (users, admins) lost there mapping.

We didn't change anything else, and my understand was that upon first logon that the person (in the case of jira) when then be re-added to jira-user.

I have jira connected as Read/Write to Crowd, but crowd to ldap is read-only, so crowd would manage anything additional internal afaik.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Thursday in Jira

5 ways you can make the most of Jira Software and Bitbucket Cloud

As part of the Bitbucket product team I'm always interested in better understanding what kind of impact the use of our tools have on the way you work. In a recent study we conducted of software devel...

82 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you