Connecting Stash to JIRA for user management

(warning)  This page does not apply to JIRA Cloud; you can't use JIRA Cloud to manage your Stash users.

You can connect Stash to an existing Atlassian JIRA instance to delegate Stash user and group management, and authentication. Stash provides a "read-only" connection to JIRA for user management. This means that users and groups, fetched from JIRA, can only be modified or updated in that JIRA server, rather than in Stash.

Choose this option, as an alternative to Atlassian Crowd, for simple configurations with a limited number of users. Note that Stash can only connect to a JIRA server running JIRA 4.3 or later.

Connecting Stash and JIRA is a 3-step process:

1. Set up JIRA to allow connections from Stash

2. Set up Stash to connect to JIRA

3. Set up Stash users and groups in JIRA

Also on this page:

(warning) You need to be an administrator in JIRA and a system administrator in Stash to perform the following tasks.

1. Set up JIRA to allow connections from Stash

  1. Log in as a user with the 'JIRA Administrators' global permission.
  2. For JIRA 4.3.x, select Other Application from the 'Users, Groups & Roles' section of the 'Administration' menu.
    For JIRA 4.4 or later, choose Administration > Users > JIRA User Server.
  3. Click Add Application.
  4. Enter the application name (case-sensitive) and password that Stash will use when accessing JIRA.
  5. Enter the IP address of your Stash server. Valid values are:
    • A full IP address, e.g. 192.168.10.12.
    • A wildcard IP range, using CIDR notation, e.g. 192.168.10.1/16. For more information, see the introduction to CIDR notation on Wikipedia and RFC 4632.
  6. Click Save.
  7. Define the directory order, on the 'User Directories' screen, by clicking the blue up- and down-arrows next to each directory. The directory order has the following effects:
    • The order of the directories is the order in which they will be searched for users and groups.
    • Changes to users and groups will be made only in the first directory where the application has permission to make changes.

2. Set up Stash to connect to JIRA

  1. Log in to Stash as a user with 'Admin' permission.
  2. In the Stash administration area click User Directories (under 'Accounts').
  3. Click Add Directory and select Atlassian JIRA.
  4. Enter settings, as described below.
  5. Test and save the directory settings.
  6. Define the directory order, on the 'User Directories' screen, by clicking the arrows for each directory. The directory order has the following effects:
    • The order of the directories is the order in which they will be searched for users and groups.
    • Changes to users and groups will be made only in the first directory where the application has permission to make changes.

3. Set up Stash users and groups in JIRA

In order to use Stash, users must be a member of the Stash-users group or have Stash global permissions. Follow these steps to configure your Stash groups in JIRA:

  1. Add the stash-users and stash-administrators groups in JIRA.
  2. Add your own username as a member of both of the above groups.
  3. Choose one of the following methods to give your existing JIRA users access to Stash:
    • Option 1: In JIRA, find the groups that the relevant users belong to. Add those groups as members of one or both of the above Stash groups.
    • Option 2: Log in to Stash using your JIRA account and go to the administration area. Click Global permissions (under 'Accounts'). Assign the appropriate permissions to the relevant JIRA groups. See Global permissions.

Connecting Atlassian Stash to JIRA for user management is not sufficient, by itself, to allow your users to log in to Stash. You must also grant them access to Stash by using one of the above 2 options.

We recommend that you use groups instead of individual accounts when granting permissions. However, be careful not to add more users to those groups that your Stash license allows. If the license limit is exceeded, your developers will not be able to push commits to repositories, and Stash will display a warning banner. See this FAQ.

See also this  information about deleting users and groups  in Stash.

Server settings

Setting

Description

Name

A meaningful name that will help you to identify this JIRA server in the list of directory servers. Examples:

  • JIRA Service Desk Server
  • My Company JIRA

Server URL

The web address of your JIRA server. Examples:

  • http://www.example.com:8080
  • http://jira.example.com

Application Name

The name used by your application when accessing the JIRA server that acts as user manager. Note that you will also need to define your application to that JIRA server, via the 'Other Applications' option in the 'Users, Groups & Roles' section of the 'Administration' menu.

Application Password

The password used by your application when accessing the JIRA server that acts as user manager.

JIRA server permissions

Setting

Description

Read Only

The users, groups and memberships in this directory are retrieved from the JIRA server that is acting as user manager. They can only be modified via that JIRA server.

Advanced settings

Setting

Description

Enable Nested Groups

Enable or disable support for nested groups. Before enabling nested groups, please check to see if nested groups are enabled on the JIRA server that is acting as user manager. When nested groups are enabled, you can define a group as a member of another group. If you are using groups to manage permissions, you can create nested groups to allow inheritance of permissions from one group to its sub-groups.

Enable Incremental Synchronization Enable or disable incremental synchronization. Only changes since the last synchronization will be retrieved when synchronizing a directory.

Synchronization Interval (minutes)

Synchronization is the process by which the application updates its internal store of user data to agree with the data on the directory server. The application will send a request to your directory server every x minutes, where 'x' is the number specified here. The default value is 60 minutes.

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport