I have an issue with the user login and group membership and just wanted to post it to see if anyone came across it before.
- I configured our users to be synchronised with ActiveDirectory (in test and production), that works very well.
- With SSO off (that usual Jira login) the users log in with their PC login details and at the first login get added to the group staff-users by default (that group is basically jira-users, you need to be member to use jira).
- If I switch SSO on and let a new user (never logged into Jira before) access it they get logged in, but can’t do anything else because they are not member of any group. From the user management page I can see that the login (with SSO) was not recorded and no group was assigned.
-
- Tried the same on the testsytem (no SSO) and it works fine, the user login is recorded and the group automatically assigned.
I’m thinking that SSO bypasses some of Jira’s usual login procedures and that causes problems? Or maybe I’m missing something here.
Stefan -
I discussed this internally with AppFusions engineering, and our Kerberos SSO integration does not add users to local groups during first login. We recommend you use LDAP groups instead of local groups if using our SSO.
Our customers of our SSO solution to date are all using LDAP (or AD) groups - so this has not come up before.
We can help you evolve your user directories in this way if needed - or we could add this feature as an enhancement request as well.
Please contact us at info@appfusions.com if you would like to evolve your SSO implementation.
Best,
Ellen
Hi Ellen,
Thank you very much for your answer. We will switch to AD groups now, a requirement that was overdue anyway.
Regards,
Stefan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Are you referring to using SSO via Crowd or your tag indicates possibly Kerberos? Depending on the SSO solution, the help will be different
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We are using the AppFusions SSO solution with Kerberos (ActiveDirectory), I can give more detail if you require.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Contact us direct here - http://appfusions.uservoice.com/
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.