Mapping domain admins AD group to jira-administrators

Hey there, I can't pick groups in the "bulk edit group members" section.

 

What I want to achieve is to have anyone in the 'domain admins' group in Active Directory automatically become a member of the jira-administrators local group.

 

Obviously this could be expanded to include all 'domain users' being members of the lowest-level group (jira servicedesk users maybe) so that they can submit requests. I mean, that's the next step. However, it seems that with local groups, I have to add them one by one.

I want to minimize how much I have to fiddle with the built-in groups and would rather use AD, which is already segmented into groups, for assigning user permissions. I am not seeing how to do that. I can assign groups to "roles" and "global permissions"; however, I wanted to just inherit all the permissions that (for example) jira-administrators already has.

For example, jira-administrators is already a member of every group on the global permissions page, but if I wanted to add "domain admins" to every group, I would have to add it manually. It would be much easier if I could just add "domain admins" to the "jira-administrators" group and have it inherit, especially since I am not sure where else 'jira-administrators' may have permissions that I really want domain admins to have access to.

 

In our corp, domain admins only has two users, so I can manually add them as individual users to the 'jira-administrators' group, but something like 'domain users' has hundreds, and I won't be adding them all manually to any group.

 

Please advise, thanks.

 

1 answer


With SAML and ADFS this can be easily achieved. 

ADFS: "Send group memberships as a claim"

Select the group to be sent as an outgoing claim, e.g. domain admins, then outgoing claim value: jira-administrators.

Really the same for domain users -> jira-users.

Cheers,

Lars

Sorry, do you have some kind of document about this? Where is that setting on the backend? I don't see anything about it in user directories.

 

Thanks for your reply.

This can be achieved with ADFS (and probably other IdPs as well) and any SAML provider that supports group claims.

I work with Kantega Single Sign-on, but there are many vendors to choose from:

https://marketplace.atlassian.com/search?query=saml

 

-Lars
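
The "Send group memberships as a claim" mapping from the answer above, written as AD FS issuance transform rules and applied with PowerShell. This is an added example, not part of the thread: the relying party trust name `Jira` is a placeholder, and the outgoing Group claim type is an assumption that must match what the Jira SAML add-on is configured to read.

```powershell
# Added example (not from the thread). Run on the primary AD FS server.
# Assumptions: the relying party trust is named 'Jira' (placeholder) and the
# Jira SAML add-on reads group names from the outgoing Group claim type below.
Import-Module ActiveDirectory, ADFS

$TrustName = 'Jira'   # placeholder: name of your relying party trust

# AD group -> outgoing claim value (the Jira group name), as in the answer.
$GroupMap = [ordered]@{
    'Domain Admins' = 'jira-administrators'
    'Domain Users'  = 'jira-users'
}

$GroupSidClaim = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid'
$OutgoingClaim = 'http://schemas.xmlsoap.org/claims/Group'

# Build one rule per mapping. Matching on the group SID (not the name) means a
# renamed or look-alike AD group cannot pick up the jira-administrators claim.
$newRules = foreach ($adGroup in $GroupMap.Keys) {
    $sid       = (Get-ADGroup -Identity $adGroup).SID.Value
    $jiraGroup = $GroupMap[$adGroup]
@"
@RuleTemplate = "EmitGroupClaims"
@RuleName = "$adGroup -> $jiraGroup"
c:[Type == "$GroupSidClaim", Value == "$sid", Issuer == "AD AUTHORITY"]
 => issue(Type = "$OutgoingClaim", Value = "$jiraGroup", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
"@
}

$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $trust) { throw "Relying party trust '$TrustName' not found" }

# Set-AdfsRelyingPartyTrust replaces the whole rule set, so append the new
# rules to the existing ones. Running this twice will add duplicate rules.
$combined = (@($trust.IssuanceTransformRules) + $newRules) -join "`r`n"
Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssuanceTransformRules $combined

# Print the resulting rule set for review.
(Get-AdfsRelyingPartyTrust -Name $TrustName).IssuanceTransformRules
```

With these rules in place, Jira group membership follows AD group membership at each SAML login, so removing a user from Domain Admins is what removes their `jira-administrators` claim.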
