ldap vs external user

hello,

We use Jira in our corporate company and logins are only through LDAP.

The permissions of our projects are assigned to the “jira-software-user” group by default. However, we created a new schema for our two new projects, called “externaluserank” and access to this schema is set to “externalusergroup” only.

We added two people as external users and assigned them to the “externalusergroup” group. However, these users cannot log in. When we add these users to the “jira-software-user” group they can log in, but when they are removed from this group they cannot log in again.

We need your help on how to solve this important issue.

Thank you.

2 answers

2 accepted

2 votes

Answer accepted

Hi Darius,

You need to grant access to the Jira Software product to the externalusergroup group.

Also, it's a better idea to grant permissions based on Project Roles rather than groups. You can then give the group the a project role that gives them access to the project if you like. It helps to avoid things like this.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hello. Thanks for your answer. There is a problem like this;

In all other projects it is set as "any logged in user". When I add an external user, he can see other projects.

Therefore, it was necessary to edit from shaman. However, if I do not assign it to the group as jira-software, he cannot log in.

How can I solve this?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • John Funk likes this

Just like @John Funk said.

Please realize that up to now, you've actually been cutting corners on the security front by using the 'any logged in user' group.

So it's time to man-up, bite the bullet and provide proper roles to the projects.

There is no other way.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • John Funk likes this

You are right, thank you very much. I wish you good work.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • John Funk likes this

You are very welcome!

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

0 votes

Answer accepted

Hi @Darius Tanz

If you want the External user to view a Software project, the only way is for the user to added to the Jira Software application access (jira-software-users group). This means the user will be able to view anything accessible to logged in users. If you wish to change the permissions, the way forward will be to alter existing permission schemes to provide access only based on Project Roles as @John Funk mentioned.

This means, assign permissions in permission schemes to Administrator or Developer or Users project role and change the Project People assignment to these respective Roles. I know it is a tedious task, but consider it as a chance to establish Governance.

Hope this helps.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Get product advice from experts

Join a community group

Advance your career with learning paths

Earn badges and rewards

Connect and share ideas at events

ldap vs external user

2 answers

2 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Community showcase

Atlassian Community Events