Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal


  • Give kudos
  • Received
  • Given


  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Pros and Cons of creating groups in Jira, vs. AD, then pulling them into Jira

Hello, we are at the beginning of Jira implementation, and I wanted to know:

1. What are the pros and cons of creating groups in AD, then pulling them into Jira?

2. What are the pros and cons of creating them in Jira directly? And can you link them to AD at a later point?

Thank you!

1 answer

1 accepted

0 votes
Answer accepted

Starting with your 2nd question. No you cant link/merge them later. So choose wisely.

Benefits of local user/group management

  1. Your Jira is self contained. No dependency on AD
  2. Your Jira administrators (assuming they are not also AD Admins) can manage it themselves.

Benefits of AD based

  1. Single source of truth. I like being able to go to 1 place to validate membership/permissions. My audit dept likes it also.
  2. Nested groups. Very big help. Cant do that in internal directory
  3. Leverage your existing AD organization. For example, you want to give the Marketing Dept access to a project. And you already have a "marketing" AD group. You can leverage that existing group instead of making a new one. And when marketing onboards a new user, and adds them to that group, boom, they get jira access. 

I do the following.

Create an AD group for each project/role combination. For example if I have a project Foo, with roles Administrator and participant, I create 2 AD groups. "jira-foo-participants" and "jira-foo-administrators" then I can add the "marketing" AD group (as a group) to jira-foo-participants and the head of marketing to jira-foo-administrators.

then I just assign the groups to the role in the project.

I also create a "jira-software-licensed" AD group, and add all the other Jira AD groups to that one. I then in jira use that group for licensing. That way I know anyone who can access a project automatically gets a licenses.

(well actually I used to do that. Now we run both Service Desk and Software, and I want to make sure not to give both licenses to a user unless they really need it, So i do something different now. But if you only have 1 license time, the above works great.

As you can See, I am a big fan of AD based

Thank you very much for that answer! Big help!

Suggest an answer

Log in or Sign up to answer

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you