A user directory is a place where you store information about users and groups. User information includes the person's full name, username, password, email address and other personal information. Group information includes the name of the group, the users that belong to the group, and possibly groups that belong to other groups.
The internal directory stores user and group information in the JIRA database. You can also connect to external user directories, and to Atlassian Crowd and JIRA as directory managers.
Configuring User Directories in JIRA
To configure your user directories:
- Log in as a user with the 'JIRA Administrators' global permission.
- Select 'Administration' > 'Users' > 'User Directories'.
Keyboard shortcut: 'g' + 'g' + start typing 'directories'.
Connecting to a Directory
You can add the following types of directory servers and directory managers:
- JIRA's internal directory. See Configuring the Internal Directory.
- Microsoft Active Directory. See Connecting to an LDAP Directory.
- Various other LDAP directory servers. See Connecting to an LDAP Directory.
- An LDAP directory for delegated authentication. See Connecting to an Internal Directory with LDAP Authentication.
- Atlassian Crowd. See Connecting to Crowd or Another JIRA Server for User Management.
- Another JIRA server. See Connecting to Crowd or Another JIRA Server for User Management.
You can add as many external user directories as you need. Note that you can define the order of the directories. This determines which directory JIRA will search first, when looking for user and group information. See Managing Multiple Directories.
Limitations when Editing Directories
You cannot edit, disable or remove the directory your user belongs to. This precaution is designed to prevent administrators from locking themselves out of the application by changing the directory configuration in a way that prevents them logging in or removes their administration permissions.
This limitation applies to all directory types. For example:
- You cannot disable the internal directory if your user is an internal user.
- You cannot disable or remove an LDAP or a Crowd directory if your user comes from that directory.
In some situations, reordering the directories will change the directory that the current user comes from, if a user with the same username happens to exist in both. This behaviour can be used in some cases to create a copy of the existing configuration, move it to the top, then remove the old one. Note, however, that duplicate usernames are not a supported configuration.
You cannot remove the internal directory. This precaution aligns with the recommendation below that you always keep an administrator account active in the internal directory.
The recommended way to edit directory configurations is to log in as an internal user when making changes to external directory configuration.
We recommend that you keep either an administrator or system administrator user active in your internal directory for troubleshooting problems with your user directories.
Enabling, Disabling and Removing Directories
You can enable or disable a directory at any time. If you disable a directory, your configuration details will remain but the application will not recognise the users and groups in that directory.
You have to disable a directory before you can remove it. Removing a directory will remove the details from the database.
Screenshot: Configuring user directories
- Configuring the Internal Directory
- Connecting to an LDAP Directory
- Connecting to an Internal Directory with LDAP Authentication
- Connecting to Crowd or Another JIRA Server for User Management
- Managing Multiple Directories
- Synchronising Data from External Directories
- Managing Nested Groups
- Diagrams of Possible Configurations for User Management
- User Management Limitations and Recommendations
- Allowing Other Applications to Connect to JIRA for User Management