Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Mapping domain admins AD group to jira-administrators

JiraYo
JiraYo
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 8, 2017

Hey there, i cant pick groups in the "bulk edit group members" section.

 

What i want to achieve, is to have anyone in the 'domain admins' group in active directory automatically become a member of jira-administrators local group.

 

obviously this could be expanded to include all 'domain users' being members of the lowest level group (jira servicedesk users maybe) so that they can submit requests. I mean thats the next step. however it seems local groups, i have to add them one by one.

I want to minimize how much i have to fiddle with the built in groups and would rather use AD which is already segmented into groups, for assigning user permissions. I am not seeing how to do that. I can assign groups to "roles" and "global permissions" however i wanted to just inherit all the permissions that (for example) jira-administrators already has.

For example, jira administrators is already a member of every group on the global permissions page, but if i wanted to add "domain admins" to every group, i would have to add it manually. Much easier if i could just add "domain admins" to the "jira-administrators" group and have it inherit. Especially since i am not sure where else 'jira-administrator' may have permissions that i really want domain admins to have access to.

 

In our corp, domain admins only has two users, so i can manually add them as individual users to the 'jira-administrators' group, but for something like 'domain users' has hundreds, and i wont be adding them all manually to any group.

 

please advise thanks

 

Answer
Watch
Like Be the first to like this
1298 views

1 answer

1 vote
Lars Olav Velle
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 8, 2017

With SAML and ADFS this can be easily achieved. 

ADFS: "Send group memberships as a claim"

Select the group to be sent as an outgoing claim, e.g. domain admins, then outgoing claim value: jira-administrators.

Really the same for domain users -> jira-users.

Cheers,

Lars

View More Comments
JiraYo
JiraYo
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 8, 2017

sorry do you have some kind of document about this? where is that setting on the backend? I dont see anything about it in user directories.

 

thanks for your reply.

Like
Lars Olav Velle
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 8, 2017

This can be achieved with ADFS (and probably other IDP`s as well) and any SAML provider that support group claims.

I work with Kantega Single Sign-on, but there are many vendors to choose from:

https://marketplace.atlassian.com/search?query=saml

 

-Lars

Like
Mitchel van Zitteren
Mitchel van Zitteren
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 3, 2020

Hello Lars,

I have attempted the following:

With SAML and ADFS this can be easily achieved. 

ADFS: "Send group memberships as a claim"

Select the group to be sent as an outgoing claim, e.g. domain admins, then outgoing claim value: jira-administrators.

Really the same for domain users -> jira-users.

 

This does not seem to work. The specified active directory is not mapped to the configured Jira-group and members are not beeing added.

Are you sure this is supported and if so, can you please provide a more detailed instruction?

Thank you in advance.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.