LDAP Groups to Jira Groups Mapping.

KRC
Contributor
April 25, 2019

Hi all.

For JSW and JSD access, we want to map LDAP groups, namely Jira Users, Jira Admins, Jira Sd Agents, to system groups jira-software-users, jira-administrators, jira-servicedesk-users.

How can we achieve this mapping? We tried but ended up as follows.

For some reason, LDAP group MDT-JIRA-USERS got mapped with JIRA SERVICE DESK automatically and we are surprised how (please refer to the attachment). Ideally MDT-JIRA-USERS should be mapped to JIRA SOFTWARE; similarly, MDT-JIRA-ADMINS isn't mapped to ADMIN and MDT-JIRASRVCAGENTS-USERS isn't mapped to JIRA SERVICE DESK. Not sure what caused this.

I want to approach the community for knowledge sharing.

Thanks

Capture.PNG

 

2 answers

0 votes
Andy Eggenberger June 11, 2019

One idea to solve the "group name mismatch" is to use Crowd between the LDAP and the Atlassian applications and nest the LDAP groups into the default Jira groups, for instance.

Alternatively, I am still looking for a Jira add-on which could map names, but have not found a suitable one so far.

0 votes
Andy Heinzer
Atlassian Team
May 1, 2019

Hi,

If I understand correctly here, you are looking to map your LDAP groups within the default group names that grant application access in Jira (such as jira-software-users, jira-servicedesk-users). Jira doesn't have a way to do this exactly in the manner you have presented it (of mapping an LDAP group into an internal group). Those default internal groups can potentially contain users from an LDAP group, if that directory is set up to use the setting of Read only with local groups, but this isn't always ideal as a means to manage users' group membership. It tends to require more administration of user memberships from within Jira itself, which defeats what I think most admins want when connecting to LDAP: being able to just manage the users/groups from a single source of LDAP truth.

I have seen some setups where admins have changed the group names in LDAP to match these Jira group names exactly. That can work, but many can't do this because they don't control the LDAP settings. Instead of that approach, I think the better angle to take here is to look instead at the Licensing and application access documentation.

Once these LDAP groups exist in Jira, you can map them to grant application access or even grant global permissions. But Jira does not automatically map these groups for you. This is something that you or some other system-level admin in Jira would have had to configure after the LDAP groups have synced into Jira at least once.

I hope this helps.

Andy
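An added example (not from the thread or from Atlassian) of auditing the application access discussed in the answer above: it compares the intended LDAP-group mapping with the groups actually attached to each application and reports access that is missing or unexpected. It assumes role data shaped like the listing from Jira Server's `GET /rest/api/2/applicationrole`; the sample JSON is constructed, the function and constant names are hypothetical, and admin rights (a global permission) are out of scope.

```python
import json

# Desired application access, using the LDAP group names from the question.
# Assumption: application keys follow Jira Server's application-role keys.
DESIRED = {
    "jira-software": {"MDT-JIRA-USERS"},
    "jira-servicedesk": {"MDT-JIRASRVCAGENTS-USERS"},
}
# Internal default groups the admin chooses to leave in place (assumption).
ALLOWED_LOCAL = {"jira-software-users", "jira-servicedesk-users"}

# Constructed sample shaped like an application-role listing; it reproduces
# the state from the question (MDT-JIRA-USERS attached to Service Desk).
SAMPLE_ROLES = json.loads("""[
  {"key": "jira-software", "groups": ["jira-software-users"]},
  {"key": "jira-servicedesk",
   "groups": ["jira-servicedesk-users", "MDT-JIRA-USERS"]}
]""")


def audit_application_access(roles, desired, allowed_local=frozenset()):
    """Return sorted (application, group, finding) tuples for each mismatch."""
    actual = {role["key"]: role.get("groups", []) for role in roles}
    allowed = {g.casefold() for g in allowed_local}
    findings = []
    for app, wanted in desired.items():
        if app not in actual:
            findings.append((app, "*", "application role not found"))
            continue
        # Compare case-insensitively so that differences in letter case
        # between LDAP and Jira are not reported as drift.
        have = {g.casefold(): g for g in actual[app]}
        want = {g.casefold(): g for g in wanted}
        for key in want.keys() - have.keys():
            findings.append((app, want[key], "missing"))
        for key in have.keys() - want.keys() - allowed:
            findings.append((app, have[key], "unexpected"))
    return sorted(findings)


if __name__ == "__main__":
    for app, group, finding in audit_application_access(
            SAMPLE_ROLES, DESIRED, ALLOWED_LOCAL):
        print(f"{app}: {group} is {finding}")
```

Running the same check after each directory sync or permission change flags groups that hold application access they were never meant to have.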
