The current situation is we have outside contractors that are using our JIRA instance. They have been set up in our internal AD, which allows us to add users to JIRA in the same fashion as our corporate users. They will want their JIRA accounts to be set up with different email addresses (their own and not our corporate email addresses), and I am wondering if Crowd would provide the ability to have a custom email address associated with their JIRA account that is different from their AD account even though their JIRA account is tied to the AD account.
@Daniel Haws, thanks, it is now much clearer to me.
From Jira's perspective, users are not AD users or internal directory users, they are just Crowd users as Crowd acts as a proxy / virtual directory. So you would not have anything to do to keep a user's content on JIRA if you moved this user from AD to a Crowd internal directory.
But I'm afraid this would not solve your problem as your external users need an AD account for other purposes in your organisation.
Do your external users have a distinct AD username, something like johndoe-external? If so you could change the user object filter of your AD connector in Crowd so as to get the employees only:
(&(objectCategory=Person)(!(sAMAccountName=*external)))
Then you would create a delegated authentication directory in Crowd to store the external users (using a delegated authentication directory would allow the external users to use their AD password to access Jira).
This would allow you to change their email addresses in the delegated authentication directory in Crowd. But the drawback would be that you would have to create JIRA groups (jira-users, jira-administrators, yourownjiragroups etc.) in that directory and edit the external users' memberships in these groups instead of AD groups. As far as I understand, that would change your provisioning process, which you surely don't want.
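Added example, not part of the thread: a small Python evaluator for the subset of LDAP filter syntax used in the filter quoted above, run over constructed directory entries, to check which accounts the AD connector would still return before the filter is changed in Crowd. The entries, the shortened objectCategory values and the function names are assumptions made for the illustration.

```python
import re

# Filter quoted in the post above (employees only).
EMPLOYEE_FILTER = "(&(objectCategory=Person)(!(sAMAccountName=*external)))"

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, index after it)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ')'
    end = f.index(")", i)
    attr, pattern = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), pattern), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of lowercase attr -> value)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    # '*' is the only wildcard; comparison ignores case, as AD does for sAMAccountName.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return attr in entry and re.fullmatch(regex, entry[attr], re.IGNORECASE) is not None

def select(ldap_filter, entries):
    """Return the sAMAccountName of every entry the filter lets through."""
    tree, _ = parse(ldap_filter)
    return [e["samaccountname"] for e in entries if matches(tree, e)]

# Constructed sample entries; objectCategory is shortened to its common name.
ENTRIES = [
    {"samaccountname": "jsmith", "objectcategory": "Person"},
    {"samaccountname": "johndoe-external", "objectcategory": "Person"},
    {"samaccountname": "MKhan-External", "objectcategory": "Person"},
    {"samaccountname": "external-rlee", "objectcategory": "Person"},
    {"samaccountname": "BUILD01$", "objectcategory": "Computer"},
]

if __name__ == "__main__":
    print(select(EMPLOYEE_FILTER, ENTRIES))
```

The constructed account external-rlee passes the filter, so the exclusion only holds if every contractor account name ends in "external".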
@Bruno Vincent, thanks for your reply. I have updated my question as I misspoke. We didn't add the users to AD just to add them to JIRA. As part of our on-boarding process, they get AD accounts. We used the AD accounts hoping that we could streamline the process and only have to add them to their JIRA groups. In hindsight, I agree it would have been better to create them as internal users.
The follow-up question to that is: how would one convert AD accounts to internal accounts, or is that even possible? If I create new internal accounts for the external users, how do I keep the content created under the AD-linked account associated with the newly created internal account?
Hi Daniel,
Maybe I am missing something, but why did you add the outside contractors to your internal AD if the only purpose is to give them access to Jira? You would do better to create an internal Crowd Directory dedicated to external users and link it to your JIRA application alongside your AD that contains internal users only. You could then use external email addresses in the Crowd internal directory that is dedicated to outside users.
Regards,
Bruno