Hi Support,

I am wondering what is the best approach you suggest to implement active directory into Jira? We are currently running Jira 5.1.8, will newer version of Jira support SSO? Thanks so much for your help.

2 answers

Please be aware that there are MANY options for SSO in Jira and Confluence, and you should not be swayed by one advert - please consider all of them. For the record, I work for another one of the vendors of an SSO system for Atlassian products, but I have not actually worked with it myself. Before I joined them I worked with three other SSO systems and had varying levels of success (ranging from "do not use this" through to "does the job perfectly"). Some were better suited to specific situations than others. I'd just say it's a bad idea to just go with the first advert you see. Read the page I referred to first, and then consider all the SSO options. I've not used the Appfusions one either, so I'm not qualified to speak about that either

Listen to Nic...he know's his stuff.

Indeed agree. An SSO solution is tricky period, no matter who the vendor is. It is also a headache saver. AppFusions solution (https://www.appfusions.com/display/KBRSCJ/Home ) is fully supported during deployment, and sustained ongoing for updated Atlassian releases (but you would *never* upgrade without first having the supported SSO update if needed; sometimes an update is not needed). AppFusions tried the do-it-yourself solution on Kerberos (and SAML2 SSO), and it 100% did not work. No one could do it with so many variables and instead just acquired a lot of frustrations on both sides. This is all described in the linked page above. AppFusions then evolved to the supported very methodical and controlled solution approach in Oct 2011, and since it has been deployed over 150+ times while also being feature updated as well. Even with that track record, all deployments are a little bit unique; network and server environments matter absolutely.

I've seen the DIY solution on Kerberos work perfectly well in a couple of places. So please make sure you look at all the options.

Agree, of course DIY can work. Like many solutions, its simply a choice of *buy* a supported solution vs *build* a homegrown one (which carries risk if the developer that implemented leaves the corp. This is a very common problem, as also the knowledge leaves the building. As you rightly suggested, consider all options and given that this forum is littered with questions in this SSO area, it is obviously tricky. Experience and expertise is important.

There are many products for SSO out there, as well as trying to do it yourself. Make sure you consider the pros and cons of ALL of them, not just the one you've seen the first advert for.

Silver, you need an additional authenticator to allow for SSO into your Windows/AD domain. Perhaps try this: https://www.appfusions.com/display/KBRSCJ/Home 

Strange - somehow this answer keeps getting demoted to a comment even though it is an answer. Is someone mucking with my answers?

To my mind, it's not an answer. The answer is not "use my product", it is "look at all the products and select one". I guess that's why someone is changing them to comments. I think it's worth restating that there are many SSO products out there and the questioner should really look at all the offerings.

Do you have the power to change answers, Nic? It is an answer. There are many answers to a problem.

In fact, do you have the power to delete answers? I understand that people with high points, even if a partner and conflicting agendas possibly, have the power to do this? Do you think this would be ethical behavior on a public forum?

Yes, but I don't touch them unless they are blatantly wrong and potentially dangerous. The problem (in my opinion) here is that your answer is an advert for your product. I'm not saying that your SSO is the wrong solution, just that it should be looked at alongside the other SSO products. It is not the only one, and another one *might* be a lot better for the questioner.

Ah, you edited your comment and made my comment less clear. You originally asked if I could "edit" answers. I don't know if I can delete them - I don't think so, but I wouldn't do it even if I could. I can delete users, which then deletes all their questions and answers, but that's only for killing off spammers in my opinion, I'd never try it on a genuine user, even if they really annoyed me. I don't know if partners have more power than you or I. I've got some facilities because of my points (and although I now work for a partner, I'm still using the account that I used before I joined, and I don't think it's made a jot of difference that I now work for one)

It is not an advert, it is a suggestion, with a link that has more info. Take or leave. Further, I have repeatedly agreed to go ahead and check other options. No problem. Nic, there are 100s of posts littering this forum about SSO. It is a serious challenge for customers, and they need help to information. As your link also provided.

"Ah, you edited your comment and made my comment less clear." ? What? Edited what comment? We do not have the ability to edit comments; only create, delete, convert to answer. Besides, my ORIGINAL answer was explicitly "try our SSO", not "use my product" as you purported (but sure, if you like it, use it). Customers are not fools. They buy because they want to, not because they are sold to. And in the area of SSO, we have yet to meet a dumb customer that doesn't ask a lot of very important and valid questions, since obviously it is critically important to their architecture and infrastructure.

My apologies, as I posted that last answer, the way comments cross over makes it look like you had posted "do you have the power to amend answers" then changed it to "do you have the power to delete". Now I come back to it, it's clear. I am sorry I misunderstood that. I don't see that "try our sso" is any different to "use my product" when you don't make it clear that there are alternatives. I always try to tell people when there are other options. But I think that's clear from the other postings.

I appreciate your comments, Nic. Will try to suggest that there are always other options. Although in consideration of perspectives confusion, I tend to think that "other options" is inherent across the board and customers typically know that. While doesn't have as good of a ring to it, maybe this really is the "options/suggestions/helpers.atlassian.com" board, which means, much of the answers are not absolute (but useful; very useful indeed). Alas, semantics. Thanks. <hand-shakes> (I nominate that the context philosophy that there are "many options to do similar/same things" as a FAQ entry here: https://confluence.atlassian.com/display/AAC/Atlassian+Answers+FAQ)

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,180 views 5 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you