Mapping domain admins AD group to jira-administrators

Hey there, i cant pick groups in the "bulk edit group members" section.

 

What i want to achieve, is to have anyone in the 'domain admins' group in active directory automatically become a member of jira-administrators local group.

 

obviously this could be expanded to include all 'domain users' being members of the lowest level group (jira servicedesk users maybe) so that they can submit requests. I mean thats the next step. however it seems local groups, i have to add them one by one.

I want to minimize how much i have to fiddle with the built in groups and would rather use AD which is already segmented into groups, for assigning user permissions. I am not seeing how to do that. I can assign groups to "roles" and "global permissions" however i wanted to just inherit all the permissions that (for example) jira-administrators already has.

For example, jira administrators is already a member of every group on the global permissions page, but if i wanted to add "domain admins" to every group, i would have to add it manually. Much easier if i could just add "domain admins" to the "jira-administrators" group and have it inherit. Especially since i am not sure where else 'jira-administrator' may have permissions that i really want domain admins to have access to.

 

In our corp, domain admins only has two users, so i can manually add them as individual users to the 'jira-administrators' group, but for something like 'domain users' has hundreds, and i wont be adding them all manually to any group.

 

please advise thanks

 

1 answer

With SAML and ADFS this can be easily achieved. 

ADFS: "Send group memberships as a claim"

Select the group to be sent as an outgoing claim, e.g. domain admins, then outgoing claim value: jira-administrators.

Really the same for domain users -> jira-users.

Cheers,

Lars

sorry do you have some kind of document about this? where is that setting on the backend? I dont see anything about it in user directories.

 

thanks for your reply.

This can be achieved with ADFS (and probably other IDP`s as well) and any SAML provider that support group claims.

I work with Kantega Single Sign-on, but there are many vendors to choose from:

https://marketplace.atlassian.com/search?query=saml

 

-Lars

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Julia Dillon
Posted Tuesday in Jira

Tell us how your team runs on Jira!

Hey Atlassian Community! Today we are launching a bunch of customer stories about the amazing work teams, like Dropbox and Twilio, are doing with Jira. You can check out the stories here. The thi...

225 views 1 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you