Hello,
We were looking to implement a Jira Service Desk instance in our environment using Active Directory user accounts for everything. The problem I am running into is that with the current groups/permissions that I have already assigned I am seeing some people (who should only be customers) taking up agent licenses. Is there a "best practice" to ensure that only the intended users that are members of certain AD groups are in fact agents and everyone else is considered customers? I know there are several articles out there referencing people to setup a second LDAP and this process then assigns people to a default local group for jira-customers. I would like to avoid this if possible since I like keeping it all within our AD.
Thank you.
Chet,
You would need to make sure that your application access is configured correctly. In your AD, you'll need two groups. One of these will represent the customers whereas the other will be the agents. These groups can be called whatever you want, but typically people will use jira-servicedesk-users or service-desk-agents to represent agents. The other group you might want to call jira-servicedesk-customers.
You don't need two active directories/connections to accomplish this. Just set the AD groups up and then leverage them within JIRA. Make sure that in your application access the "Service Desk" access is set to the group you want.
Ok so application access is specified for the agents only? That makes sense (sorry new to the product). Thank you for your help.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yep! The only ones that need the application access for service desk are the ones that will be the service desk agents. Everyone else will be handled differently. To configure the application access you need to navigate to "Administration">"Applications">"Application Access".
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.