Configuring user directories
A user directory is a place where you store information about users and groups. User information includes the person's full name, username, password, email address and other personal information. Group information includes the name of the group, the users that belong to the group, and possibly groups that belong to other groups.
The internal directory stores user and group information in the Jira database. You can also connect to external user directories, and to Atlassian Crowd and Jira as directory managers.
See User management for more information on how to create and manage users in Jira.
On this page:
Managing 500+ users across Atlassian products?
Find out how easy, scalable and effective it can be with Crowd!
See centralized user management.
Configuring user directories in Jira
- Log in as a user with the Jira System Administrators global permission.
- In the upper-right corner of the screen, select Administration
> User Management.
- In the sidebar, select User directories.
Connecting to a directory
You can add the following types of directory servers and directory managers:
- Jira's internal directory. See Configuring the internal directory.
- Microsoft Active Directory. See Connecting to an directory.
- Various other directory servers. See Connecting to an Directory.
- An directory for delegated authentication. See Connecting to an Internal Directory with Authentication.
- Atlassian Crowd. See Connecting to Crowd or another Jira server for user management.
- Another Jira server. See Connecting to Crowd or another Jira server for user management.
You can add as many external user directories as you need. Note that you can define the order of the directories. This determines which directory Jira will search first, when looking for user and group information. See Managing multiple directories.
Updating directories
Limitations when editing directories
You cannot edit, disable, or remove the directory your user belongs to. This precaution is designed to prevent administrators from locking themselves out of the application by changing the directory configuration in a way that prevents them logging in or removes their administration permissions.
This limitation applies to all directory types. For example:
- You cannot disable the internal directory if your user is an internal user.
- You cannot disable or remove an LDAP or a Crowd directory if your user comes from that directory.
In some situations, reordering the directories will change the directory from which the current user comes from, if a user with the same username happens to exist in both. This behavior can be used in some cases to create a copy of the existing configuration, move it to the top, then remove the old one. Note, however, that duplicate usernames are not a supported configuration.
You cannot remove the internal directory. This precaution aligns with the recommendation below that you always keep an administrator account active in the internal directory.
Recommendations
The recommended way to edit directory configurations is to log in as an internal user when making changes to the external directory configuration.
We recommend that you keep either an administrator or system administrator user active in your internal directory for troubleshooting problems with your user directories.
Enabling, disabling, and removing directories
You can enable or disable a directory at any time. If you disable a directory, your configuration details will remain but the application will not recognize the users and groups in that directory.
You have to disable a directory before you can remove it. Removing a directory will remove the details from the database.
Screenshot: Configuring user directories
In situations where users are unable to change their passwords, check that a Delegated Authentication Directory is not the highest in the order of User Directories. As a workaround, you can change the order of User Directories, or alternatively use a connection to a directory instead.