Documentation for JIRA 4.3. Documentation for other versions of JIRA is available too.

Skip to end of metadata
Go to start of metadata

You can connect your JIRA application to Atlassian Crowd or to another JIRA server (version 4.3 or later) for management of users and groups, and for authentication (verification of a user's login).

On this page:

Connecting JIRA to Crowd

Atlassian Crowd is an application security framework that handles authentication and authorisation for your web-based applications. With Crowd you can integrate multiple web applications and user directories, with support for single sign-on (SSO) and centralised identity management. The Crowd Administration Console provides a web interface for managing directories, users and their permissions. See the Crowd Administration Guide.

When to use this option: Connect to Crowd if you want to use the full Crowd functionality to manage your directories, users and groups. You can connect your Crowd server to a number of directories of all types that Crowd supports, including custom directory connectors.

To connect JIRA to Crowd:

  1. Go to your Crowd Administration Console and define the JIRA application to Crowd. See the Crowd documentation: Adding an Application.
  2. Log in to JIRA as a user with the 'JIRA System Administrators' global permission.
  3. Bring up the administration page by clicking either the 'Administration' link on the top bar or the title of the Administration box on the dashboard.
  4. Select 'User Directories' from the 'Users, Groups & Roles' section of the 'Administration' menu.
  5. Add a directory and select type 'Atlassian Crowd'. Enter the settings as described below.
  6. Save the directory settings.
  7. Define the directory order by clicking the blue up- and down-arrows next to each directory on the 'User Directories' screen. Here is a summary of how the directory order affects the processing:
    • The order of the directories is the order in which they will be searched for users and groups.
    • Changes to users and groups will be made only in the first directory where the application has permission to make changes.
    For details see Managing Multiple Directories.
  8. If required, configure JIRA to use Crowd for single sign-on (SSO) too. See the Crowd documentation: Integrating Crowd with Atlassian JIRA .

Settings in JIRA for the Crowd Directory Type

Setting

Description

Name

A meaningful name that will help you to identify this Crowd server amongst your list of directory servers. Examples:

  • Crowd Server
  • Example Company Crowd

Server URL

The web address of your Crowd server. Examples:

  • http://www.example.com:8095/crowd/
  • http://crowd.example.com

Application Name

The name of your application, as recognised by your Crowd server. Note that you will need to define the application in Crowd too, using the Crowd administration Console. See the Crowd documentation on adding an application.

Application Password

The password which the application will use when it authenticates against the Crowd framework as a client. This must be the same as the password you have registered in Crowd for this application. See the Crowd documentation on adding an application.

Crowd Permissions

Setting

Description

Read Only

The users, groups and memberships in this directory are retrieved from Crowd and can only be modified via Crowd. You cannot modify Crowd users, groups or memberships via the application administration screens.

Read/Write

The users, groups and memberships in this directory are retrieved from Crowd. When you modify a user, group or membership via the application administration screens, the changes will be applied directly to Crowd. Please ensure that the application has modification permissions for the relevant directories in Crowd. See the Crowd documentation: Specifying an Application's Directory Permissions.

Advanced Crowd Settings

Setting

Description

Enable Nested Groups

Enable or disable support for nested groups. Before enabling nested groups, please check to see if the user directory or directories in Crowd support nested groups. When nested groups are enabled, you can define a group as a member of another group. If you are using groups to manage permissions, you can create nested groups to allow inheritance of permissions from one group to its sub-groups.

Connecting JIRA to Another JIRA Server

Subject to certain limitations, you can connect a number of Atlassian web applications to a single JIRA server for centralised user management.

When to use this option: You can only connect to a server running JIRA 4.3 or later. Choose this option as an alternative to Atlassian Crowd, for simple configurations with a limited number of users.

Let's assume that you have two JIRA servers, called for example 'JIRA site 1' and 'JIRA site 2'. You want JIRA site 2 to manage your users and groups. JIRA site 1 will delegate user management to JIRA site 2.

To connect JIRA site 1 to use JIRA site 2 for user management:

  1. Configure JIRA site 2 to recognise JIRA site 1:
    • Log in to JIRA site 2 as a user with the 'JIRA Administrators' global permission.
    • Bring up the administration page.
    • Select 'Other Applications' from the 'Users, Groups & Roles' section of the 'Administration' menu.
    • Add an application.
    • Enter the application name and password that JIRA site 1 will use when accessing JIRA site 2.
    • Enter the IP address or addresses of JIRA site 1. Valid values are:
      • A full IP address, e.g. 192.168.10.12.
      • A wildcard IP range, using CIDR notation, e.g. 192.168.10.1/16. For more information, see the introduction to CIDR notation on Wikipedia and RFC 4632.
    • Save the new application.
  2. Configure JIRA site 1 to delegate user management:
    • Log in to JIRA site 1 as a user with the 'JIRA Administrators' global permission.
    • Bring up the administration page by clicking either the 'Administration' link on the top bar or the title of the Administration box on the dashboard.
    • Select 'User Directories' from the 'Users, Groups & Roles' section of the 'Administration' menu.
    • Add a directory and select type 'Atlassian JIRA'.
    • Enter the settings as described below. When asked for the application name and password, enter the values that you defined in the settings on JIRA site 2.
    • Save the directory settings.
    • Define the directory order by clicking the blue up- and down-arrows next to each directory on the 'User Directories' screen. Here is a summary of how the directory order affects the processing:
      • The order of the directories is the order in which they will be searched for users and groups.
      • Changes to users and groups will be made only in the first directory where the application has permission to make changes.
      For details see Managing Multiple Directories.

Settings for the JIRA Directory Type

Setting

Description

Name

A meaningful name that will help you to identify this JIRA server amongst your list of directory servers. Examples:

  • JIRA Server
  • My Company JIRA

Server URL

The web address of your JIRA server. Examples:

  • http://www.example.com/8080
  • http://jira.example.com

Application Name

The name used by your application when accessing the JIRA server that acts as user manager. Note that you will also need to define your application to that JIRA server, via the 'Other Applications' option in the 'Users, Groups & Roles' section of the 'Administration' menu.

Application Password

The password used by your application when accessing the JIRA server that acts as user manager.

Permissions for the JIRA Directory Type

Setting

Description

Read Only

The users, groups and memberships in this directory are retrieved from the JIRA server that is acting as user manager. They can only be modified via that JIRA server.

Read/Write

The users, groups and memberships in this directory are retrieved from the JIRA server that is acting as user manager. When you modify a user, group or membership, the changes will be applied directly to your application and to the JIRA server that is acting as user manager.

Advanced Settings for the JIRA Directory Type

Setting

Description

Enable Nested Groups

Enable or disable support for nested groups. Before enabling nested groups, please check to see if nested groups are enabled on the JIRA server that is acting as user manager. When nested groups are enabled, you can define a group as a member of another group. If you are using groups to manage permissions, you can create nested groups to allow inheritance of permissions from one group to its sub-groups.

Diagrams of Some Possible Configurations

Gliffy Zoom Zoom

Diagram above: Confluence, JIRA and other applications connecting to Crowd for user management.

Gliffy Zoom Zoom

Diagram above: One JIRA site connecting to another for user management. JIRA site 2 does the user management, storing the user data in its internal directory.

Gliffy Zoom Zoom

Diagram above: A number of applications connecting to JIRA (site 2) for user management, with JIRA in turn connecting to an LDAP server.

RELATED TOPICS

Configuring User Directories