I have an issue with the user login and group membership and just wanted to post it to see if anyone came across it before.
- I configured our users to be synchronised with ActiveDirectory (in test and production), that works very well.
- With SSO off (that usual Jira login) the users log in with their PC login details and at the first login get added to the group staff-users by default (that group is basically jira-users, you need to be member to use jira).
- If I switch SSO on and let a new user (never logged into Jira before) access it they get logged in, but can’t do anything else because they are not member of any group. From the user management page I can see that the login (with SSO) was not recorded and no group was assigned.
- Tried the same on the testsytem (no SSO) and it works fine, the user login is recorded and the group automatically assigned.
I’m thinking that SSO bypasses some of Jira’s usual login procedures and that causes problems? Or maybe I’m missing something here.
I discussed this internally with AppFusions engineering, and our Kerberos SSO integration does not add users to local groups during first login. We recommend you use LDAP groups instead of local groups if using our SSO.
Our customers of our SSO solution to date are all using LDAP (or AD) groups - so this has not come up before.
We can help you evolve your user directories in this way if needed - or we could add this feature as an enhancement request as well.
Please contact us at firstname.lastname@example.org if you would like to evolve your SSO implementation.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG