Using LDAP To Authenticate Atlassian Jira

By Greg Keller. Posted December 23, 2014.

Disclaimer: The information in this blog is from 2014 and no longer current. To learn more about how to use LDAP to authenticate to Atlassian Jira, visit JumpCloud’s page covering Cloud LDAP. You may also visit our Help Center where we have up-to-date documentation covering how to use LDAP-as-a-Service and how to set up SSO for Atlassian Cloud.

Atlassian Jira is a leading application for issue tracking, bug tracking and project management. Managing users for Jira can be a manual chore that costs extra time and effort and is potentially a security risk. The on-premises deployment of Jira natively supports managing users through LDAP. By connecting Jira to LDAP via Directory-as-a-Service, IT admins benefit in a number of ways:

  • One central place to manage your users – saves time and effort
  • Your users effectively get single sign-on for their technical applications
  • Increased security – reduced risk of users having access they shouldn’t have

JumpCloud’s Directory-as-a-Service makes it easy to manage Jira users. Through our hosted LDAP solution, users can be populated in our directory and then Jira can authenticate users via a secure LDAP endpoint with minimal configuration necessary on the application side.

Here’s how to manage Jira users with JumpCloud:

BEFORE YOU BEGIN:

The documentation below is no longer up-to-date. We’ve made a lot of progress on the JumpCloud Directory-as-a-Service platform since this blog post was published in 2014. For the most up-to-date information on how to use JumpCloud’s LDAP-as-a-Service, visit our Knowledge Base here. For setting up SSO with Atlassian Cloud, go here.

ADDITIONAL NOTE:

If you haven’t done so already, please sign up for the JumpCloud service here. You can evaluate this entire process below with no commitment. We give you 10 free users forever.

Step 1: Creating a BindDN Service Account

To use JumpCloud’s LDAP service, you must create a BindDN service account so the Atlassian service can be authorized to scan the Users and Groups within JumpCloud’s Directory. That service account is named ‘ldapuser’ in the screenshots below, but the name of the service account is entirely up to you. You can learn exactly how to do that here in this tutorial.

Step 2: Creating Users within the Directory

As JumpCloud’s Directory-as-a-Service will be the LDAP-accessed authoritative source of users in this tutorial, you will need to add users to the directory so they may be imported into Atlassian. You can learn exactly how to do that here in this tutorial.

Step 3: Configure Jira to authenticate to the JumpCloud LDAP endpoint

Click on “Administration”, then “User Management”, then “User Directories” in the Jira console.
Click “Add Directory”.

Choose “LDAP” at the “Directory Type” prompt.

In this configuration section, enter the settings as follows.

Server Settings:

Name: [Enter any name here]

Directory Type: OpenLDAP
Hostname: ldap.jumpcloud.com
Port: 636, and check SSL
Username: uid=<YOUR LDAP BINDING USER>,ou=Users,o=<YOUR ORGANIZATION ID>,dc=jumpcloud,dc=com

(NOTE: Remove “<” and “>” brackets above when inserting your data)

(For more information on LDAP Binding User, please read this article)

Password: Password for YOUR LDAP BINDING USER

LDAP Schema:

Base DN: ou=Users,o=<YOUR ORGANIZATION ID>,dc=jumpcloud,dc=com
Additional User DN: Can be left blank
Additional Group DN: Can be left blank

LDAP Permissions:

Choose – Read Only, with Local Groups

Default Group Memberships: jira-users

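See the screenshots for details:

[Screenshot: the settings above]

Advanced Settings:

[Screenshot: Advanced Settings]

User Schema Settings:

[Screenshot: User Schema Settings]

Group Schema Settings:

[Screenshot: Group Schema Settings]

Membership Schema Settings:

[Screenshot: Membership Schema Settings]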

Step 4: Verify JumpCloud authentication with Jira

Enter the username and password of the LDAP Bind User used for the connection.

Click on “User Directories” and you will see the note “Never synchronized”.

Click on “Synchronize”.

Now, return to the Atlassian dashboard and select to see the list of users. You will see your JumpCloud users imported, for example:

[Screenshot: Jira user list showing the imported JumpCloud users]

In the configuration above, we configured the group “jira-users” by default. After a user logs in successfully, they are added to this group. For example, after Jane DBA logs in, this page is updated as follows:

[Screenshot: “jira-users” group membership after Jane DBA logs in]
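
A command-line pre-flight for the settings entered in the Jira form, as an added example that is not part of the original post or JumpCloud's documentation: it builds the Username (bind DN) and Base DN in the format shown above, refuses values that still contain the placeholder brackets, and binds over LDAPS with OpenLDAP's ldapsearch. The function names, the --run switch and the allowed-character rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: check the bind DN, base DN and LDAPS endpoint from a shell.
LDAP_URI="ldaps://ldap.jumpcloud.com:636"   # hostname, port and SSL as given on the page

# Accept only letters, digits, '.', '_' and '-' (an assumption of this example).
# This rejects leftover "<...>" placeholder brackets and any character that
# would need RFC 4514 escaping inside a DN component (',', '=', '+', spaces).
safe_component() {
    [ -n "$1" ] || return 1
    [ -z "$(printf '%s' "$1" | LC_ALL=C tr -d 'A-Za-z0-9._-')" ]
}

# base_dn ORG_ID -> the "Base DN" field
base_dn() {
    safe_component "$1" || return 1
    printf 'ou=Users,o=%s,dc=jumpcloud,dc=com\n' "$1"
}

# bind_dn BIND_USER ORG_ID -> the "Username" field
bind_dn() {
    safe_component "$1" || return 1
    base=$(base_dn "$2") || return 1
    printf 'uid=%s,%s\n' "$1" "$base"
}

# preflight BIND_USER ORG_ID
# Binds as the service account and lists the uids visible under the base DN.
# -W prompts for the password, so it never appears in argv or shell history.
# LDAPTLS_REQCERT=demand makes the OpenLDAP client refuse a certificate it
# cannot verify instead of silently continuing.
preflight() {
    dn=$(bind_dn "$1" "$2") || { echo "invalid bind user or org id" >&2; return 2; }
    LDAPTLS_REQCERT=demand ldapsearch -x -LLL -H "$LDAP_URI" \
        -D "$dn" -W -b "$(base_dn "$2")" '(uid=*)' uid
}

# Contacts the server only when asked: sh preflight.sh --run ldapuser ORG_ID
if [ "${1:-}" = "--run" ]; then
    preflight "${2:-}" "${3:-}"
fi
```

A failed bind or a certificate error here points at the service account or the TLS trust store rather than at Jira's directory settings.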

Instead of standing up your own LDAP system or managing it, you can easily leverage JumpCloud’s hosted LDAP service, all part of Directory-as-a-Service. Connect it to all of your critical apps, and you are good to go. Your users will also appreciate this, as their single account can now be used for technical applications as well.

If you are utilizing Jira within your organization and want to simplify the user management for it – and increase security – give JumpCloud a try. We offer 10 free users forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
