What is the best method to incorporate multiple layers of Active Directory for users?

Dan Leatherwood
Contributor
October 18, 2019

Currently, we have an Active Directory group of which all users have to be members for authentication into JIRA. From there we are manually creating the users within JIRA and assigning them to specific projects.

We want to increase security and we want to know if there is a way to add another layer of Active Directory groups at the project level.  Each of our business areas has an Active Directory group designation and each of our Application Development areas has an Active Directory group designation.  So, we are wondering if we can assign a "second layer" of Active Directory so that only the people in their area's AD group will have access to a specific project.

1 answer

0 votes
Andrew Laden
Rising Star
October 18, 2019

I am assuming you have your Jira instance connected to your Active Directory instance already. (Though I am confused. You shouldn't have to manually create users if you do. But if you don't, I don't know how you are using an AD group to control authentication.) If you don't have your Jira connected to AD, I would start there by adding it as a User Directory.

You can use AD groups, and assign the groups to project roles. The project role will control permissions.

So for example, you create a role called "participants".

In your permission scheme, you limit Browse Project permissions to the Participant role (remove all logged-in users, etc.).

You can create an AD group called "jira-projectblah-participants" and only add people to that group who should have access to the project.

Finally, in the project, you add that AD group to the project as role "Participants".

Bingo. Only people in that AD group can access that project.

You want to get out of the habit of adding users directly to project roles. Managing groups is much easier.
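
A read-only check of the setup described in the answer above, added here as an example and not part of the original post: it reports any Browse Projects grant other than the project role, and any role member other than the expected AD group. The field names and type strings are assumptions modelled on Jira Server REST responses (verify them against your version), and the sample data is constructed.

```python
# Added example: audit one Jira project against the group-per-role pattern.
# Field names and type strings are assumptions modelled on Jira Server REST output.
BROWSE = "BROWSE_PROJECTS"
GROUP_ACTOR = "atlassian-group-role-actor"

def audit_project_access(scheme, role, expected_group):
    """Return a list of findings; an empty list means the setup matches."""
    findings = []
    role_id = str(role["id"])
    holders = [p.get("holder", {}) for p in scheme.get("permissions", [])
               if p.get("permission") == BROWSE]
    def is_role(h):
        return h.get("type") == "projectRole" and str(h.get("parameter")) == role_id
    # Browse Projects must be granted to the project role and to nothing else.
    if not any(is_role(h) for h in holders):
        findings.append(f"Browse Projects is not granted to role {role['name']}")
    for h in holders:
        if not is_role(h):
            extra = f"{h.get('type')} {h.get('parameter', '')}".strip()
            findings.append(f"extra Browse Projects grant: {extra}")
    # The role should hold the AD group only, never directly added users.
    groups = set()
    for actor in role.get("actors", []):
        if actor.get("type") == GROUP_ACTOR:
            groups.add(actor.get("name"))
        else:
            findings.append(f"direct user in role: {actor.get('name')}")
    if expected_group not in groups:
        findings.append(f"group {expected_group} is not in the role")
    for name in sorted(groups - {expected_group}):
        findings.append(f"unexpected group in role: {name}")
    return findings

# Constructed sample data (not taken from a real instance).
GROUP = "jira-projectblah-participants"
LOOSE_SCHEME = {"permissions": [
    {"permission": BROWSE, "holder": {"type": "projectRole", "parameter": "10100"}},
    {"permission": BROWSE, "holder": {"type": "applicationRole"}},  # assumed: any logged-in user
]}
LOOSE_ROLE = {"id": 10100, "name": "Participants", "actors": [
    {"type": GROUP_ACTOR, "name": GROUP},
    {"type": "atlassian-user-role-actor", "name": "jdoe"},
]}
TIGHT_SCHEME = {"permissions": LOOSE_SCHEME["permissions"][:1]}
TIGHT_ROLE = {"id": 10100, "name": "Participants", "actors": LOOSE_ROLE["actors"][:1]}

if __name__ == "__main__":
    for finding in audit_project_access(LOOSE_SCHEME, LOOSE_ROLE, GROUP):
        print(finding)
```

Run per project after permission scheme or role changes; any finding means access to the project is wider than the one AD group.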
