User Directory Config:
The issue is with one particular account: when it first logs into Jira via OpenID Connect SSO (Keycloak - LDAP - Active Directory), the account is added to the internal directory and his groups don't match the groups in LDAP.
When we change his groups in the Internal Directory, as soon as he logs out and in, the groups get reverted.
We have deleted the account in Jira from the Internal Directory, but as soon as the account logs in, it's added back to the Internal Directory. [The account does not have any activity in Jira.]
Other new users stay in the LDAP directory and no issues with group membership...
Any ideas?
Hi Dan, this usually happens when the SSO or user provisioning flow isn't correctly resolving the user against the LDAP directory during login. If the user isn't found in LDAP at that point, Jira creates a new user in the Internal Directory instead.
I’d recommend checking:
- Whether the user’s username or email in LDAP exactly matches what's coming from Keycloak.
- That the LDAP directory is active and syncing correctly.
- That the SSO mapping is pointing to the LDAP directory as expected.
It might also help to look at the logs during login to confirm which directory Jira is trying first for that user. Since other users work fine, it's likely a mismatch or case sensitivity issue with this specific account.
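The username/email comparison suggested in the reply above, as an added example that is not part of the original thread and is not Jira or Keycloak code: it classifies how one OIDC claim value differs from each candidate LDAP attribute. The claim names, attribute names and all sample values are assumptions constructed for illustration; substitute the claim your SSO mapping actually uses and the attributes from the affected user's LDAP entry.

```python
import unicodedata


def _nfc(s: str) -> str:
    """Trim and apply Unicode NFC so composed/decomposed forms compare equal."""
    return unicodedata.normalize("NFC", s.strip())


def classify(claim: str, ldap_value: str) -> str:
    """Explain how an SSO claim value differs from one LDAP attribute value."""
    if claim == ldap_value:
        return "exact"
    if claim.strip() == ldap_value.strip():
        return "whitespace"        # stray leading/trailing spaces on one side
    if _nfc(claim) == _nfc(ldap_value):
        return "unicode-form"      # e.g. precomposed vs. combining accent
    a, b = _nfc(claim).casefold(), _nfc(ldap_value).casefold()
    if a == b:
        return "case-only"         # fails only under a case-sensitive match
    if a.split("@")[0] == b.split("@")[0]:
        return "domain-suffix"     # short name on one side, name@domain on the other
    return "mismatch"


def diagnose(claims: dict, claim_name: str, ldap_entry: dict) -> dict:
    """Compare one claim against every candidate LDAP attribute."""
    value = claims[claim_name]
    return {attr: classify(value, v) for attr, v in ldap_entry.items()}


# Constructed sample data (not taken from the thread).
CLAIMS = {"preferred_username": "JDoe", "email": "jdoe@example.test"}
LDAP_ENTRY = {
    "sAMAccountName": "jdoe",
    "userPrincipalName": "jdoe@example.test",
    "mail": "J.Doe@example.test",
}

if __name__ == "__main__":
    for claim_name in CLAIMS:
        for attr, verdict in diagnose(CLAIMS, claim_name, LDAP_ENTRY).items():
            print(f"{claim_name:20} vs {attr:18} -> {verdict}")
```

Any verdict other than "exact" on the attribute the directory lookup uses is a candidate explanation for the account being created outside the LDAP directory.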