Narmada, is there another ticket somewhere to have Atlassian provide an LDAP solution built into the core product?  This seems like a miss on the part of Atlassian to only have this feature as a HUGE additional expense to purchase licenses for Atlassian Access.  Many other similar tools have LDAP / Azure AD integration as part of their core packages.  Please advise if this is on list for future builds.  Thank you. 

Narmada, Your link doesn't work, although I have found that https://www.okta.com/partners/atlassian/. It took me some time to gain knowledge of how to connect AD on-premise with Jira Cloud but thank to this ticket -> Okta choice I think I will be able to do so (reduced cost in comparison to Azure AD).

Hi everyone, 

We have shipped an integration with OKTA to enable Atlassian Access customers to connect to LDAP servers at no additional cost. 

Regards,

The Atlassian Access team

I would appreciate any update on this.

Thank You

ETA?

Need to spend an additional 22K to get this annually for a site of 1400 users!.  No thank you.   https://confluence.atlassian.com/cloud/pricing-and-billing-for-atlassian-access-948237309.html

This sounds promising but I'm still confused and need to understand how to handle user management and SSO with other systems (e.g. a BI tool embedded in a confluence app) when you don't own a domain and users are not from the same organization.

also posted to the community as well as we're at a total loss here https://community.atlassian.com/t5/Confluence-questions/Atlassian-Cloud-user-management-and-SSO-for-external-not-in-our/qaq-p/1031628

Do we need to subscribe to "Atlassian Access" for each user for $3.00/month to "help reduce costs by ensuring you are not billed for users who are no longer active" i.e. save $7.00 when someone leaves the company (doesn't happen very often)?

In that case, I don't think that I will do much savings...

Closed after 2029 years?

Do you have an ETA on the Azure AD Integration?

Thank you!

woohoo congrats!!!

awesome

Hi everyone,

We're pleased to announce that documentation for the User provisioning (SCIM) API is now available on developer.atlassian.com. The API is an implementation of the SCIM specification and is intended to be used to sync users and groups from an identity provider to an Atlassian organization. Once you have linked an Atlassian Cloud site (like example.atlassian.net) to your organization, users and groups will be synced to your site and you can use them to control access to Jira and Confluence Cloud as well as permissions within those products. Learn more about how automatic user provisioning works with Atlassian Cloud.

There are several key benefits to automating user provisioning for Atlassian Cloud:

• It saves you time as an administrator by automating the process of creating and removing Atlassian accounts for your users
• It improves security by reducing errors in the provisioning/deprovisioning process
• It can help reduce costs by ensuring you are not billed for users who are no longer active

The SCIM API is intended for customers who are not already using one of our supported identity providers. We currently support Okta and are actively working on support for Azure Active Directory and Onelogin. If you are using one of these identity providers, we recommend using the supported Atlassian app for these identity providers as this will simplify the configuration process.

We're actively working in this area and will share another update when support for additional identity providers is available.

Regards,
Dave Meyer
Atlassian Access Product Management

sam.caldwell,

This ticket is in progress and so I can't comment on your question.

You may want to review the ticket https://jira.atlassian.com/browse/ID-6305 . It's not exactly the direct LDAP integration with AD that you are looking for, but it's in the same domain. Essentially using Atlassian SCIM APIs and a supported IdP (or custom script) you can manage your Atlassian domain-claimed users and groups via Active Directory. 

@vsankin, 

Hey, I see that ID-6563 is linked here but closed as a duplicate.  Is this ticket's functionality going to include mapping of AD groups to AA groups?  We have an interest in that mapping functionality on this end.

@Gabriel Viger - My guess is the status is BDOT - Busy Doing Other Things 

So..... 9 years later.... what is the status? 

damon.gaylor have you seen: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/atlassian-cloud-tutorial

Also: https://confluence.atlassian.com/cloud/saml-single-sign-on-943953302.html

Looking for a status update, we use Azure

Hi there, please give us a status update on when to expect the functionality. Much appreciated.

tamas.csabina - We have made good progress and we are currently running internal tests on SCIM API's (https://jira.atlassian.com/browse/ID-6305) . This will be progressively integrated with major IDP's to support auto provisioning and de-provisioning. We will update the issue as soon as we have it in production. 

thanks,

Adarsh,

Product Management, Atlassian 

Any official Atlassian update on this item would be really useful!

I see the 'status' from last year December. But seeing no recent Atlassian response, I might feel that this is something that will remain 'in progress' forever. I hope I am wrong.

Jumpcloud ( IDP ) if not already mention

Atlassian just launched https://www.atlassian.com/enterprise/cloud/access

Seems just agents should be paid for, this is written in the FAQ:

With Jira Service Desk, do I pay for just my agents?

You'll only pay for the agents within your organization. Employees who only request help on the Jira Service Desk portal and are not licensed on any Atlassian Cloud product will not be billed for.

Can I beta this? We just purchased Cloud license and want to move about 30-40 projects from Server over to Cloud.... 

It stops us from moving more projects away from Server and would help us transition and you make $3 a month off of our 1300 users! 

Come on Atlassian the pricing for Identity Manager is crazy. I'm keen to move away from Server onto the Cloud solution but this is a potential show stopper. I can license an unlimited number of users on Crowd for a fraction of the price of IM.

Johan Jansson, this is possible but very expensive.

You have to pay an extra license for everybody signing up... Look at https://community.atlassian.com/t5/Identity-Manager-questions/SAML-for-Service-Desk-customers/qaq-p/727915 for details.

Is Identity Manager a beta on this feature? If so would if be possible to use SSO for Jira Service desk Customers in the cloud version?

Not having single sign-on capabilities for Service Desk portal-only customers is a show-stopper for our migration to Jira Cloud.  This functionality is required for us to proceed.  (We use Centrify for all of our SSO access for many other applications.)

Please hurry on making these connections available - we've already had to wait over a year to move to cloud due to this functionality gap!

fast please

https://getsupport.atlassian.com/browse/PA-46302

#wearethe99percent

This is a very high priority feature for us as well.

I completely agree with @Daniel Inderbinen. We are currently a Service Now customer.  We are trialing Jira Service Desk.  Big fan so far and would love to move off of Service Now, but not being able to have users sign in with their network username and password, would be a show stopper for me.

i agree with all, for me this is a show stopper .. i simply can't roll out a solution without a single user db .. 

Even some acknowledgement/Update would be good!

I think the priority needs to be raised from Medium to high if I'm honest. 

True that...

Hey... any news .. Single source of true is needed for a running company  

Also voting for this! Let me know if there’s a beta

ADFS Support, please.

Any Ldap-based thing should work...

Azure AD is already on the way with identity manager, but if there are other directories...just take LDAP.

I would like to cast a vote for JumpCloud integration.

any news on that?!

Jumpcloud would be of interest to us

1. PA-41407

Thats awesome, was not aware

However, of course, there is a caveat of having to pay for another product. Nickle and dime...

charles1094789006 ID-80 is in beta.

Another vote here. What is so hard about SAML and ADFS? https://msdn.microsoft.com/en-us/library/bb897402.aspx 

Glad this enhancement is moving!

Jumpcloud would be great and help us out!

It would be great if we have ADFS support. 

Thanks Nick... they are on our backlog to work with after initial deployment.

'Ping' would also be another valuable one to add to the list.
https://www.pingidentity.com/en.html

Hi everyone,

Thanks so much for all your votes, feedback, and comments. Here's a quick update on the status of this feature.

Atlassian Cloud Identity platform is actively developing a suite of External Directory Sync APIs. Whilst we don't have a confirmed delivery date at this stage it is currently under way.

We are currently implementing our APIs using the SCIM standard. If you have a strong preference for another way of doing an external directory sync it would be great to hear that in the comments below.

We are actively working with the following cloud identity providers to support their platforms with our solution:

• Microsoft AzureAD
• Okta
• OneLogin
• Centrify

If you have a specific desire to include a specific cloud IDP we would love you to call it out in the comments below.

Here's another upvote for this request.  How many do you need to set the priority higher?

+1

Also wondering how why this very basic feature is not implemented

Feature Request

Prohibitive security practices prevent me from opening access to corporate LDAP.

I'd like to be able to take a dump from an LDAP query from behind my prohibitive security and then feed this into Jira Cloud via a daily POST from cron.

Hi, I have a need for LDAP specifically because I want to have a distributed team, which is a mix of contractors and employees (i.e., with different @xayz.com email addresses), who also access other cloud resources that support LDAP, while we manage identities and access from a DAAS.

I do not want to manage the JIRA server, and am happy to pay the ongoing access fee, hence why the LDAP support in the server version, isn't as desirable as it is in the cloud version.

Bump. Would really like some kind of directory integration for the cloud solution. I don't care if it is LDAP or SAML 2 or whatever, just please add something soon.

Integration with AD may be too much of a security risk for us. However, when we perform a backup on our self-hosted solution, and then do a restore to our cloud version, it would be nice if that process included all the AD users, even if only a part of the information, such as username. Then, we can fill in the rest of the information on the cloud side. This would be a useful tool as a start. We would probably never use it, since we are in the process of migration now, and don't plan on doing this again.

+1 +1 +1 +1

I really can't understand why it takes so long to Atlassian to recognize this is a top priority for so many companies. In theory, Atlassian monitors these issues, and modulates the new features road-map based on how many votes gets each. So, @Atlassian, do you hear us? Can you provide/update your official statement from 2014? So many things have changed, that I find incredible that an issue with 719 votes (so far) gets silenced.

My company has begun using several Atlassian applications recently, and we're very happy in general. We were hoping to add JIRA Service Desk (Cloud version) as well, but I can't see doing it without LDAP / AD integration. We're a large company and need a simple way to pre-populate certain user information. If we try to introduce a solution that would require users to enter all their personal info manually, we'd never get out of the starting blocks.

My hypothesis is that, for a number of business reasons, SAML 2.0 is Atlassian's top priority Identity Management solution going forward. I understand why that might be the case.  But lack of LDAP as an external solution for Identity Management in the Atlassian Cloud forces us to host our own servers.

On a related note, I predict that Crowd will be phased out at some point in the future. That's too bad for us; We used Crowd and LDAP connectors for Single Signon to our integrated suite of Atlassian applications and we're not a position to support SAML 2.0.

Hi,

+1

The usage of LDAP Authentication is really critical for companies. JIRA has already 3rd party authentication and you have the LDAP integration at the self hosted version. Maybe you can start with a simple LDAP login without role management, this should be easy for you? 

This ticket is unmoderated and ignored since years? Can you give at least a moderation or a ETA?
In the votes for the tickets there are lot of companies who need the LDAP / AD support as well. It needs 8 years to implement a feature which is critical for companies. 

Please consider to implement this feature

Please notice that SAML SSO is already available. See the below documentation for details:

• SAML single sign-on

Best Regards,
Dario
Atlassian Cloud Support

Shane- thanks for the response about OneLogin. Yes we are hoping for SAML as well. I cast my vote for that.

~nbennett :

I would recommend against that. Essentially it is a "password vaulting" solution - the passwords for accounts are retained by OneLogin and are replayed by browser plug-ins.  ID-80 using SAML 2 integration (if they ever iron out all the problems) is a far better solution if that's what you need. It still won't give you deep AD integration, though - you would still need n identity solution if you need to do any group management, attestation or privileged account management.

Atlassian's cloud documentation (link below) states  "To connect AD to Atlassian Cloud you can try Secure access add-on by OneLogin."

https://confluence.atlassian.com/confeval/other-atlassian-evaluator-resources/atlassian-cloud-authentication-saml-sso-google-apps-atlassian-account-and-ldap

It is not clear from the soft wording in that statement that this actually works (note the word "try" ). Has anyone had any success doing an LDAP integration with Atlassian Cloud using this OneLogin add on that is mentioned above? https://www.onelogin.com/connector/atlassianondemandonelogin

LDAP authentication will be critical requirement, since it provides good security on access management / user management.
Kindly consider the same