Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Pros and Cons of creating groups in Jira, vs. AD, then pulling them into Jira

Hello, we are at the beginning of Jira implementation, and I wanted to know:

1. What are the pros and cons of creating groups in AD, then pulling them into Jira?

2. What are the pros and cons of creating them in Jira directly? And can you link them to AD at a later point?

Thank you!

1 answer

1 accepted

0 votes
Answer accepted

Starting with your 2nd question. No you cant link/merge them later. So choose wisely.

Benefits of local user/group management

  1. Your Jira is self contained. No dependency on AD
  2. Your Jira administrators (assuming they are not also AD Admins) can manage it themselves.

Benefits of AD based

  1. Single source of truth. I like being able to go to 1 place to validate membership/permissions. My audit dept likes it also.
  2. Nested groups. Very big help. Cant do that in internal directory
  3. Leverage your existing AD organization. For example, you want to give the Marketing Dept access to a project. And you already have a "marketing" AD group. You can leverage that existing group instead of making a new one. And when marketing onboards a new user, and adds them to that group, boom, they get jira access. 

I do the following.

Create an AD group for each project/role combination. For example if I have a project Foo, with roles Administrator and participant, I create 2 AD groups. "jira-foo-participants" and "jira-foo-administrators" then I can add the "marketing" AD group (as a group) to jira-foo-participants and the head of marketing to jira-foo-administrators.

then I just assign the groups to the role in the project.

I also create a "jira-software-licensed" AD group, and add all the other Jira AD groups to that one. I then in jira use that group for licensing. That way I know anyone who can access a project automatically gets a licenses.

(well actually I used to do that. Now we run both Service Desk and Software, and I want to make sure not to give both licenses to a user unless they really need it, So i do something different now. But if you only have 1 license time, the above works great.

As you can See, I am a big fan of AD based

Thank you very much for that answer! Big help!

Like Sofia Quintero likes this

Hi @Andrew Laden 

What you are suggesting here is that, if a group created in AD it will automatically get created in Jira too?

Currently we are trying to see sync happen between a AD group and Jira group. 
And also trying the same method you are following, to add a group called jira-user group in AD and see that any user added into this group will automatically gets jira license(as on Jira, jira-user group is placed under Application access).

And we are also looking at creating similar group for our service-desk license group.

So, can you please elaborate on the part "I also create a "jira-software-licensed" AD group, and add all the other Jira AD groups to that one. I then in jira use that group for licensing." does it means is it a automatic process where adding group in AD gets added to Jira(if this is not automatically happening do we need to make any changes in our AD?)

Thanks in advance

Manikanth Reddy

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you