Restricting access to Jira for users in a particular group

Debrup Bhattacharjee April 20, 2015

Hi,

We have enabled LDAP Authentication for our Jira Instance. As part of that, we have 3 groups created in LDAP i.e., jira-developers, jira-administrators and jira-systemadministrators. The process to get access to Jira is that the users need to raise an access request to either of these groups and once that is processed, they need to login with their user credentials (as in the Corporate Directory) and they get mapped to the group on which they raised an access request.

I understand that users get allocated to the default jira-users group if they login. We have blocked the feature where they could create their own IDs, but I understand that they can still get in without Authorization on use of the application.

Is there a way we can prevent that? Alternately, is there a way that when the user logs in for the first time, a mail is generated to the System Administrator? As a third option, when an user logs in for the first time, can they be logged in as an Inactive user to start with and it would be up to the System Administrator to make them Active based on inputs from the Application Owner or the relevant Authorizer for their access?

2 answers

1 vote
Paulo Hennig
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 20, 2015

Hello Debrup,

Actually to log in, the user has to be an active user (If not, won’t log in).

About jira-users, when you create a user in JIRA, the default action is to set the user to be a member from this group, case if you don’t want count in the license, you can just remove like you said or set as an inactive user.

0 votes
Debrup Bhattacharjee April 20, 2015

Hi Paul

Thank you for your response. Definitely what you have suggested, i.e., setting the user as inactive is one of the options. However, in our set up we have close to 2700 users and only about 1200 of them should actually be registered users. Is there a way to set some filters to make sure that users belonging to the group jira-users cannot log in at all?

 

Suggest an answer

Log in or Sign up to answer