Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Active Directory Integration with JSM Cloud Without Guard/Access

Marcos Hoyos _CM_
Marcos Hoyos _CM_
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 23, 2025

We are planning to migrate our support desk from Proactivanet to Jira Service Management Cloud. In our current setup, user management is handled through Active Directory (Microsoft), and every user creation, modification, or deactivation is automatically replicated in Proactivanet. This includes detailed user data such as: first name, last name, position, company, department, OU, direct manager’s name and email, last login, and assigned team.

Our requirement is to have an equivalent mechanism in Jira Service Management Cloud: automatically synchronizing all AD users as portal customers, including as many additional attributes as possible (not just name and email). We have approximately 5.000 users to provision.

After reviewing the documentation, we found that native integration via Azure AD requires Atlassian Guard/Access, which is expensive for our scenario, since we currently incur no per-user cost in Proactivanet.

Specific questions:

  1. Is there any supported alternative to synchronize users (with custom attributes) from Active Directory to Jira Service Management Cloud without requiring Atlassian Guard/Access for every portal user?

  2. Are there Marketplace applications that enable automated import/synchronization of customers from AD to JSM Cloud, including custom attributes?

  3. Any best practice recommendations to ensure users are automatically kept in sync, avoiding manual administration tasks?

I would appreciate input from anyone who has faced a similar migration, and any concrete recommendations to minimize the cost of automated user provisioning in Jira Service Management Cloud.

Answer
Watch
Like Be the first to like this
92 views

2 answers

0 votes
Ankita Mehta
Ankita Mehta
Contributor
June 27, 2025

Hi @Marcos Hoyos _CM_ ,

You're asking all the right questions — this is a common challenge when moving from tightly integrated ITSM tools (like Proactivanet) to Jira Service Management Cloud, which handles identity differently.

What can be done

Out of the box, JSM Cloud supports customer user provisioning via Atlassian Access (Guard) when connected to Azure AD. But as you’ve rightly noted, that comes with per-user costs — not ideal if you have 5,000+ portal-only customers.

Here are the main alternatives organizations explore:

  • Manual or CSV-based provisioning:
    • One-time bulk uploads via CSV or API
    • Doesn’t support real-time sync or custom attributes
    • High maintenance, error-prone
  • Marketplace apps (e.g., miniOrange, User Sync, or Custom Connectors)
    • Some apps allow scheduled syncs from AD or LDAP to JSM
    • Support for custom fields varies — usually limited to basic info (name, email, group)
    • Often designed for user authentication, not full identity management
    • May still require Access for full integration, depending on how Atlassian handles account claims

Things to consider before you begin:

  • JSM Cloud doesn’t have a native schema for rich user metadata (like manager, department, last login, etc.). You’ll need to use custom user properties, organization fields, or linked Insight/Assets objects if you want to retain these.
  • Be mindful of data ownership and overwrite logic — if users edit their profiles manually in the portal, sync logic should avoid unintended updates.
  • Account lifecycle matters: Disabling/deactivating users automatically in JSM requires API intervention or workflow automation.

You may consider an enterprise – grade data integration platform, OpsHub Integration Manager (An Atlassian Solutions Partner) for automatic, bidirectional integration without writing a single line of code :). It can help you sync detailed user data from AD to JSM using APIs, without needing Guard. It’s not for authentication — but it does handle user creation, updates, and enrichment cleanly. No manual handoffs!

Have any questions? Feel free to reach out!

 

 

Reply
0 votes
Marc - Devoteam
Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 24, 2025

Hi @Marcos Hoyos _CM_ 

  1. To make use of SSO with AD, you will require Atlassian Guard, this will not take custom attributes

    For more information see; https://support.atlassian.com/provisioning-users/docs/sync-user-attributes-to-your-organization/#Set-up-mapping-for-Microsoft-Azure 
  2. Yes, but you still require Atlassian Guard.
  3. Use Atlassian Guard

Storing more information and using this information would be solvable by using JSM Premium, this will provide you with Assets, an assets can be linked to a Jira user anf also synched from AD.

 

Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security