Mapping domain admins AD group to jira-administrators

Hey there, i cant pick groups in the "bulk edit group members" section.

 

What i want to achieve, is to have anyone in the 'domain admins' group in active directory automatically become a member of jira-administrators local group.

 

obviously this could be expanded to include all 'domain users' being members of the lowest level group (jira servicedesk users maybe) so that they can submit requests. I mean thats the next step. however it seems local groups, i have to add them one by one.

I want to minimize how much i have to fiddle with the built in groups and would rather use AD which is already segmented into groups, for assigning user permissions. I am not seeing how to do that. I can assign groups to "roles" and "global permissions" however i wanted to just inherit all the permissions that (for example) jira-administrators already has.

For example, jira administrators is already a member of every group on the global permissions page, but if i wanted to add "domain admins" to every group, i would have to add it manually. Much easier if i could just add "domain admins" to the "jira-administrators" group and have it inherit. Especially since i am not sure where else 'jira-administrator' may have permissions that i really want domain admins to have access to.

 

In our corp, domain admins only has two users, so i can manually add them as individual users to the 'jira-administrators' group, but for something like 'domain users' has hundreds, and i wont be adding them all manually to any group.

 

please advise thanks

 

1 answer

With SAML and ADFS this can be easily achieved. 

ADFS: "Send group memberships as a claim"

Select the group to be sent as an outgoing claim, e.g. domain admins, then outgoing claim value: jira-administrators.

Really the same for domain users -> jira-users.

Cheers,

Lars

sorry do you have some kind of document about this? where is that setting on the backend? I dont see anything about it in user directories.

 

thanks for your reply.

This can be achieved with ADFS (and probably other IDP`s as well) and any SAML provider that support group claims.

I work with Kantega Single Sign-on, but there are many vendors to choose from:

https://marketplace.atlassian.com/search?query=saml

 

-Lars

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Wednesday in Jira

Join our webinar: How 1B+ feature flag events helped us build the new Jira

Every time you release software, there's a bit of risk – that there's a bug, that something breaks, or that the feature doesn't resonate with customers. Feature flagging helps make high stakes s...

100 views 0 1
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you