Migrating from External Directory to Jira Internal User Directory
If your Jira instance currently uses LDAP or a Crowd application for user management, you can revert to internal user management as described below. If your Jira instance has only a few users, it is easier to recreate the users and groups in Jira manually. If you have a large number of users and groups, it is more efficient to migrate the relevant users and groups into the Jira Internal directory.
All the options provided below will reset the affected users' passwords. When done, be sure to notify them to use the 'Reset My Password' link on the Jira log in page before they attempt to log in.
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Option 1 – Manually Recreate Users and Groups in Jira
Use this option if you have only a few users and groups.
- Log in to Jira as a Jira system administrator.
- Go to the user directories administration screen and move the internal directory to the top of the list of directories, by clicking the arrows in the 'Order' column.
- Make sure that you have at least one user from the internal directory in each of the Application Access groups.
- You can find out which groups are providing Application Access by browsing to Administration >> Applications >> Application Access
- Make sure that you have a username in the internal directory with Jira system administrator permissions (Administration >> System >> Global Permissions).
- If you do not have such a user, add a new one now, and log out of Jira.
- Log back in as the user you just added, and go back to the user directories administration screen.
- Disable the 'External Directory' directory.
- Manually create the required users and groups in Jira. They will be added to the internal directory, because you have moved it to the top of the list of directories.
- If you have assigned Jira permissions to a group which exists in your LDAP or in the External Directory, you must create a group in Jira with the same name.
- If a user who exists in your LDAP has created content or has had permissions assigned to them in Jira, you must also create that user in Jira.
- Add the users to the required groups.
Option 2 – Third-Party App
The App User Management for Jira provides additional user managements features, such as the ability to migrate users from external to internal directory.
Depending on the size of your instance and considering the database manipulation risk, it might be a better approach.
Option 3 – Transfer LDAP/Crowd application Users and Groups to the Jira Database
This should be used as a last resort only when the previous options are not viable. This method is not supported. The Atlassian Support team won't be able to assist you with this process.
We strongly recommend trying this in a test environment, and then making a full backup of your database before deciding to deploy the change in your production environment.
User content is associated through the app_user:user_key
value, so the user's content should remain associated with them after the changes below. The app_user
on its hand is associated back with the cwd_user
table through the lower_user_name
value.
There are apps on our marketplace that ease the migration of users between directories, without you requiring to perform the complex workaround below. We suggest that you evaluate these apps before proceeding with the option below.
Use this option to migrate External User Directory (LDAP or Crowd applications) users into the Jira database. You need a knowledge of SQL to perform this task.
The SQL commands given below are tailored for MySQL. If you are using a database other than MySQL, you will need to modify the SQL to work in your database.