Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

SSO: first login and group membership

Stefan Geyer
Stefan Geyer May 16, 2012

I have an issue with the user login and group membership and just wanted to post it to see if anyone came across it before.

- I configured our users to be synchronised with ActiveDirectory (in test and production), that works very well.

- With SSO off (that usual Jira login) the users log in with their PC login details and at the first login get added to the group staff-users by default (that group is basically jira-users, you need to be member to use jira).

- If I switch SSO on and let a new user (never logged into Jira before) access it they get logged in, but can’t do anything else because they are not member of any group. From the user management page I can see that the login (with SSO) was not recorded and no group was assigned.

-

- Tried the same on the testsytem (no SSO) and it works fine, the user login is recorded and the group automatically assigned.

I’m thinking that SSO bypasses some of Jira’s usual login procedures and that causes problems? Or maybe I’m missing something here.

Answer
Watch
Like Be the first to like this
681 views

2 answers

1 accepted

0 votes
Answer accepted
Ellen Feaheny [
Ellen Feaheny [AppFusions]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 19, 2012

Stefan -

I discussed this internally with AppFusions engineering, and our Kerberos SSO integration does not add users to local groups during first login. We recommend you use LDAP groups instead of local groups if using our SSO.

Our customers of our SSO solution to date are all using LDAP (or AD) groups - so this has not come up before.

We can help you evolve your user directories in this way if needed - or we could add this feature as an enhancement request as well.

Please contact us at info@appfusions.com if you would like to evolve your SSO implementation.

Best,

Ellen

View More Comments
Stefan Geyer
Stefan Geyer May 20, 2012

Hi Ellen,

Thank you very much for your answer. We will switch to AD groups now, a requirement that was overdue anyway.

Regards,

Stefan

Like
Reply
0 votes
Colin Goudie
Colin Goudie
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 16, 2012

Are you referring to using SSO via Crowd or your tag indicates possibly Kerberos? Depending on the SSO solution, the help will be different

View More Comments
Stefan Geyer
Stefan Geyer May 16, 2012

We are using the AppFusions SSO solution with Kerberos (ActiveDirectory), I can give more detail if you require.

Like
Colin Goudie
Colin Goudie
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 16, 2012

Contact us direct here - http://appfusions.uservoice.com/

Like
Elizabeth3
Elizabeth May 12, 2015

FYI... AppFusions main support is now via info@appfusions.com. Both sales and support, honestly. It is the AppFusions front door.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Product apps
Apps & Integrations
TAGS
AUG Leaders

Atlassian Community Events

    See all events