Yes, indeed another supporter of this feature.

You (Atlassian) really need to bump this up the priority ladder! This is now the 4th business I have been in within as many years that requires this feature. Duplicating groups across from AD to Atlassian is a time consuming task and a manual one at that. In a world increasingly more automated and with security in mind, It is simply unacceptable for Atlassian to continue to see this as low priority task.

It really is about time the Cloud based products grew up and offered this feature and quickly too!

Thanks

D

Yet another, been waiting for years for this to be supported. As with so many of your customers, we're now actively looking to move away from JIRA, service desk, confluence and bamboo. Shocking

I am shocked this feature isn't a priority after many years. It would help us greatly.

"If our backlog changes and this becomes a priority" - it might not be a priority for you, and it's largely an annoyance rather than a show stopper for day-to-day users, but for a lot of people who make purchasing decisions it's a red line.

This might be one of those times when user feedback isn't the issue, it's feedback from people who might have paid for JIRA rather than (e.g.) TFS, but who've ended up going with TFS. The decision makers who control the software budgets are your primary stakeholders here, no-one else.

We need te connect our active directory for jira, portfolio and service desk cloud to avoid redundant user accounts. Thank you.

Thanks for your great products.
Please, can you add Active Directory to BitBucket Cloud edition ???
We need it !!!

It does not. You cannot use Crowd in a Cloud installation

Does anyone know if Atlassian Crowd will resolve this issue?

LDAP authentication is an absolute requirement for my company to utilize tooling. No LDAP integration = no purchase.

See ID-80 for a response from Atlassian - top blue panel and supporting comments from today:|.

I wish this was an official JIRA change, but it's not. I worked around the feature gap by writing a script that uses the JIRA API to get all active users and compares them against an internal Active Directory. Anyone not active in AD is deactivated in JIRA. It's not perfect, but it does the trick. Source code is shared on GitHub: https://github.com/katonahmike/jira-ldap-sync

You got me excited then, until I realised that you are not talking about an official change

I needed to do some cleanup to make this available for public consumption. It's close. I should have something to share before Friday.

This is a blocker for us. We would sign-up tomorrow if it was in place. For now we are stuck with on-premises and multiple VPN tunnels.

Let's hope...

Thanks @michael.hicks
I have a feeling this could be a game-changer for many of us.

I'll post the script on Github later this week

@michael.hicks any chance of you sharing that script on github minus of course the proprietary info? Just knowing it can be done in the painful interim is extremely helpful. I might be following in your footsteps on that one, especially if it could be modified to add the user group information.

+1

I also work at a large organization, and lack of authentication against a central authorization server is painful. The workaround we're using is a script that calls the Atlassian API to check all users in JIRA against our AD server, and highlights any JIRA/Confluence user who is no longer active in AD. Unfortunately this doesn't work for BitBucket.

It would be really nice to see expanded authentication support.

I thought I would provide a perspective from a large organization that uses LDAP and has been evaluating Atlassian cloud as a potential SaaS, we would not be proceeding with a trial as we see no LDAP integration with the cloud as a show stopper. We already run a hosted solution with LDAP integration for 2000+ users.

I would love to hear of any work around for LDAP or SAML integration with the cloud.

The two issues are functionally equivalent, although I originally asked for LDAP integration several years ago.

I think the SAML ID-80 issue is more important, however there does need to be some easy way to provision new users. Actors in a workflow system such as the issue management part of this may need to exist in the system before they first access the system. I've not looked at the provisioning APIs of Atlassian Cloud, because quite frankly, we're migrating away from it. Why are we migrating away from it? A combination of things - but we've outgrown the usability component of it, don't like the billing model, and don't like the way that issues such as this, ID-80, and that appalling round logo issue in Confluence linger - the responses to which show what kind of disdain they treat intelligent customers.

Good luck with the IPO guys - I'm sure the co-founder CEOs that are the darlings of the Australian media will get mega-rich, but not sure what the future holds when most new products seem to be clunky additions to JIRA.

Well, to be fair. This issue was opened in 2009 and the SAML issue was opened in 2014. But at the rate of attention that Atlassian is giving it, the solution may end up actually using oAuth7. /sigh

Remember there are two related issues in the Identity project (linked above, but reprinted below)...So, it's a heck of a lot more than 400 votes on just ID-79;-|. For whatever reason, this ticket has gotten more viewers/comments than the other one. Either way, yes, SAML or OpenID are the standards. No modern anyone would expect a direct LDAP integration.

https://jira.atlassian.com/browse/ID-80

I agree! I don't think direct LDAP integration would be ideal, it should be SAML or OpenID. Regardless, it's nearly impossible to deploy Cloud to my entire organization, it would become a support nightmare without some sort of SSO capability. I suppose I could go with on-prem Altassian products, but I'm trying to avoid managing any additional servers.

Another thing, and why is this ticket only a "Suggestion"??? There is not a single enterprise company out there that would not want this.

Paul,

@@#$#$^## is an understatement but I'm with you.

The Summit emphasis was on their Cloud products and growing out that infrastructure, yet made not a single mention of LDAP integration. The lack of a proper acknowledgement on critical needs such as this (and this applies across their products) is unacceptable for a company that prides itself on acting on customer feedback. I am well aware there are tons of custom-type feature requests from customers and those cannot be made a priority. However, all of my pending requests (check your records) are for needs or fixes that are critical to Continuous Integration.

Through some other channel I got a cryptic message that they recognize this as an issue and are working on it, but it was very nebulous. Still, why not comment here about it?

Its got more than double the votes of the next most voted for issue in the Identity project. Why this has not gained any traction mystifies me. Please Atlassian - throw us a bone here. Are you working on it and if not, why not?

This really does need escalating, or at least a clear reason for why it has not been prioritized.

@ronchan: Since you were at the summit this month, what was the general statement made by Atlassian on this topic? Did they have anything to say at all?

I'm not even sure Ms. Helen Hung is the PO for the product, but regardless this old status needs some love please!!!!???@@#$#$^##

Can someone please explain to me how a 6 year old request with nearly 400 votes doesn't get a single response from Atlassian? Our company's plan to move to the Atlassian Cloud has been on hold for 2 years running and our patience is wearing quite thin. I've attended the Summit for the last 3 years (this year was likely my last) and not surprisingly, a large number of enterprise customers I have spoken to have expressed the same frustration. Many have moved on (Jenkins seems to be a popular choice) and the rest are on the verge of doing the same, including us. I can only imagine how much revenue from Enterprise customers you're losing for not even addressing this critical need.

https://www.atlassian.com/company/about/events/summit/2015/sessions/?session=28923
https://www.atlassian.com/company/about/events/summit/2015/sessions/?session=28624
https://www.atlassian.com/company/about/events/summit/2015/sessions/?session=31070

I assume these are all for on-premise? I'd love to see how they did it otherwise.

Atlassian, about to go IPO, is valued @ $3.3BB and yet continues to hold on this feature. I don't see how implementing Atlassian ID across its products outweighs the general market expectation for the organization to act as an identity provider via saml...

Anyway, anyone here have information from the summit on this topic, please do share.
https://www.atlassian.com/company/about/events/summit/2015/sessions/

We've been using Atlassian Cloud and are about to scale up to thousands of users, however without some sort of SSO/Identity integration it is a deal breaker. This should be standard on any cloud offering, I'm amazed that Atlassian are happy to let so much revenue slip through their fingers.

Our company certainly wants it; it's a pretty big deal breaker for a lot of people.

Have faith; Summit is 2 days away! I mean, don't hold your breath or anything but we can hope!

I cannot believe this isnt done yet, everything has at least LDAP.

re:

I was ready to begin planning my company's move to Atlassian cloud services until I discovered this. I hope Atlassian will prioritize this soon. It's a glaring hole in your feature set, and one that many service providers upon which I relay have long since solved.

Please be patient Stephanie Simpson. This issue was only raised 7 years ago.

I was ready to begin planning my company's move to Atlassian cloud services until I discovered this. I hope Atlassian will prioritize this soon. It's a glaring hole in your feature set, and one that many service providers upon which I relay have long since solved.

We looked at one login but it requires browser extensions to be rolled out which is a blocker for us. At the moment the lack of support for this means we have chosen an alternative supplier for service desk and will likely not stay with JIRA for much longer

We've given up on it. We're moving all our functions to more progressive and focused suppliers and using Azure AD as our federation hub for them.

To answer Mathew Joseph's comment, I have integrated Atlassian Cloud with our Azure AD tenancy, using password vaulting. It's an awful solution (password vaulting, not Azure AD), it doesn't supported automated provisioning and I can't wait to turn it off.

Indeed, I started looking into other options. At the end of the day it meets the needs of a small team, but not the whole organization which is a shame. So for now, it stays with a small team.

To be honest, it's surprisingly short sighted for a progressive company like Atlassian to overlook (and not prioritize) such a critical and highly in demand feature.

This is a blocker for a lot of companies, including mine.

Has anyone used other services like OneLogin, Bitium, etc to achieve this? Are other services even capable of providing SSO into the JIRA Cloud instance?

This blocker has been going on 2+ years for our company.

This is a critical feature for my organization as well and looking like it may be a blocker for our move to cloud.

Cross linking this comment from this related ticket:
https://jira.atlassian.com/browse/ID-80?focusedCommentId=793224&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-793224

I wouldn't hold your breath! Atlassian's solution seems to be... host it yourself, go have one of our partners host it for you, or switch to Google Apps and use that for login.

I don't see why SSO support is such an issue especially when Atlassian already has a product like Crowd. I actually started expanding further in Atlassian Cloud and was about to implement JIRA Service Desk but realized it was going to become a management nightmare. I'll just keep the scope of the deployment limited to a few small groups in our org until Cloud can support SSO.

Generally speaking we are advocates of Atlassian products but I cannot understand their apparent lack of direction when it comes to anything Enterprise. An issue like this that has been around for so long with so many votes surely warrants more than posting the regular spiel regarding product roadmap.

John, good luck with that. ID-79 and ID-80 you'd think would be essential for enterprise content and issue management systems. Apparently that isn't Atlassian's target audience.

The management of users in JIRA should be part of regular IT administration within ADFS instead of separate authentication mechanism. The ability to achieve SSO is becoming more important as everybody within the organisation now has access to JIRA/Confluence.

one of our contact will move away coz of that.

Looks like the discussion started Sept 2009. How come nothing happened yet on SSO integrtaion. It is high time SAML integration happen soon.

So if I buy another Atlassian product, I can get SSO with Atlassian products?

Bite the bullet and implement SAML2 or OpenID Connect. Now. It's already too late for a lot of customers.

We're under tremendous pressure to move web-based applications to the cloud, but without LDAP/AD integration, this is a non-starter for us. Although we've been loyal Jira/Confluence for more than 7 years, we may have no choice but to look at other options.

Hi Soulier, could you elaborate a bit?

We use Crowd and want to migrate our Confluence and JIRA to the Cloud, so how would we be able to keep user maintenance in Crowd?

I think this gets covered by using Crowd along with Confluence & JIRA Cloud, which then takes care of provisioning users from your AD into Atlassian, and then to SSO into your Cloud service.

Please consider to implement this feature.
It's 100% necessary if you need to manage your user accounts with single sign-on.

Please consider to implement this feature.
It's 100% necessary if you need to manage your user accounts with single sign-on.

Wow, 6 years and no LDAP. I'm strongly recommending my company to move off of Confluence. For an enterprise wiki, this is like feature #2 to implement. End rant.

Titu, you might be waiting a while. It's not priority, and hasn't been since 2009. Six years of waiting...

Looking forward to this feature.

This is extremely surprising and will prevent us from moving to the cloud version as well. We were ready to kick the project off... This is Cloud 101 for supporting an Enterprise as opposed to startups, can't believe that something like that is not taking a higher priority.

I am going to look into this organization to see what they can provide as a hosted solution (with perhaps an SSO option) at my price point as a Cloud user. This would get me integration with my AD and loads of marketplace goodies not available to the Cloud population. Maybe it's a non-starter, but I'm checking it out this week. If anyone has insight, please share.

http://www.contegix.com/products/managed-application-hosting-atlassian-jira/

This is a showstopper for using Confluence Cloud. I cannot believe that in this day and age a Cloud product cannot or will not integrate with investment in industry standards is very short sighted. Akin to Apple and the ultimate displacement by Android. I now cannot recommend your fantastic product

They should care, it's a matter of adoption. At this point I'm limiting access to 10 people, but I would like to give access to more than 100... Either I'll bite the bullet and self-host or or continue to limit it.

Personally I don't think they care. They have your money already.

this too will keep us from moving to the hosted version

how hard could it possibly be to implement SAML services for JIRA Cloud?

It's difficult to get mass adoption with Enterprise customers not having this feature enabled.

Major +1 vote to have this feature added.

Agreed... we won't move to cloud services without SAML support. As much as I would like to encourage the adoption of more bamboo, bitbucker, jira, hipchat for our employees... without basic authentication integration into our enterprise systems it is a deal breaker. Look up Cox Enterprises and make the business case.

Yes this is a prerequisite for any enterprise customer to consider Jira on-demand. We today buy cloud services and they offer this.

"Single sign-on with Myget? Why not! Have your users login using their Active Directory credentials. We integrate with ADFS and other WS-Federation-based authentication providers." example from myget.org for instance.

Providing this for Jira, will mean that we will consider other services in cloud aswell like confluence, bitbucket and hipchat. But without this there is no deal. Security standpoint here is very important, as well as ease of usage. Just moving my company here would give you the business case, so think this over one more time.

Only about 3 years behind the curve.

Great to see work is being done on this front - wrong service for us (we need something Active Directory can integrate via - e.g. Azure AD), but a step in the right direction.

Awesome, introduce new service just to use corporate accounts.
Maybe Atlassian will think about integrating with Azure AD.

So, those fortunate enough to be on Google Apps and (un)fortunate enough to have Windows Active Directory as the LDAP server will be able to close the gap using the Google Apps Password Sync.

That's strange - in incoming release JIRA will be integrated with Google Apps (https://confluence.atlassian.com/display/Cloud/22+March+2015+to+27+March+2015)....
Maybe LDAP will be next?

In the 6 years since the request it hasn't risen to be in any priority list.

Is there any chance that some work will be done to provide any solution that supports LDAP integration with cloud products?

Crazy decision and short sighted Such a great product but I'll struggle to get the further buy in for new products such as Portfolio and Service Desk without LDAP integration.

Dru, the last blog post on the Crowd website was in 2013. But yes, I agree.

I find this extra humorous given the existence of https://www.atlassian.com/software/crowd/overview

David/Bert, I suspect Atlassian don't give a fig about enterprise users. Their actions over the last few years demonstrate this clearly.

How is this still not a supported feature? How can you provide an "enterprise" Cloud\SaaS that can't integrate with the enterprise for their User Management. Please tell us that this is coming soon. Even if I have to subscribe to a Cloud based Crowd solution that I can then connect my Cloud based Jira and Confluence and anything else (Atlassian or otherwise) to. We currently run Jira, Confluence and Stash hosted in-house for 500+ users, but would really prefer them to be hosted by Atlassian in their Cloud for the high availability and continuos maintenance benefits that everyone expects from SaaS solutions these days. Having someone else host my Atlassian products in the Cloud on IaaS, even if they provide "managed application support", is not the same as Atlassian providing it directly in terms of meeting market expectations.

Today 12:30 PM
Hi David,
Unfortunately, LDAP integration is one of the Restricted Functions on Atlassian Cloud. There's a feature request as you can see on ID-79. You can vote and comment on it in order to increase its visibility.
Please let me know if there's something else I can assist you with
Thanks and regards,
Paula Silveira
Atlassian Support | Cloud
-----------------------------------
how many comments and votes do you need to get it working?

I think both might be needed - SAML is good for access, but in some cases you need to be able to provision users ahead of time. JIT provisioning doesn't suit every need. I do suspect that there is enough API to allow an enterprise to develop their own provisioning solution, however, so I would prefer more effort placed on SAML.

I agree, it needs to be a SAML solution. Anything else is really insecure. Syncing your passwords into the cloud is a really really bad idea. Most enterprises wouldn't allow it.

We pay for a cloud hosted product that should provide this functionality - paying extra is not an option - Atlassian need to provide appropriate tools or we need to find other tools that are more appropriate for running in 2014!

Hi everybody,
so Atlassian won't deliver this integration in the short term.

I am an independent developer. How much would you willing to pay me for the development and hosting of the following service:

• Enter JIRA Rest URL, admin username and admin password
• Enter LDAP URL, admin username and admin password, root node distinguish name (password need to be stored in plaintext)
• Enter scheduling interval

The service will synchronize the LDAP user tree with the JIRA user database in the given scheduling interval.

I would guess it would take me around 20 days to develop a basic version.

/Manuel

It might be better if all the effort on encouraging action on cloud authentication went on encouraging SAML integration, see https://jira.atlassian.com/browse/AOD-7183.
Use of LDAP over public internet connections is not a great solution whereas SAML 2.0 is designed to do that.
We are desperate for something Atlassian - suggesting we run on premise suggests you are not confident in your ability to run cloud solutions - if this is the case you should withdraw the service.

It's also never forced anyone to change passwords due to age...

People want OnDemand because it is cheap and convenient and does almost everything that they want it to do, hiring another company to manage the on-premise solution can literally cost hundreds of thousands of dollars over a multi-year period... @ Brad Shulz, yes and OnDemand still doesn't enforce password strength either...

Software is one of the most valuable and important assets a company has these days. Unbelievable that Atlassian isn't even working on security - arrogant enough to believe that their system, with no SSO, and insufficient tools to effectively manage larger numbers of users, is secure.

Zendesk support both JWT and SAML: https://support.zendesk.com/hc/en-us/articles/203663826-Single-sign-on-SSO-options-in-Zendesk#topic_ftf_knm_yj

We are evaluating the Atlasssian suite for our company: This is an absolutely mandatory feature. If we are going to purchase and standardize on Atlasssian, we need single sign on. It's not feasible for us to manage multiple accounts across all of the different platforms out there.

It's really disappointing, I am going through a tech. solutions analysis for a client right now and including Atlassian...honestly I was totally surprised when I saw that this was still lurking around. I remember seeing this talked about maybe 3 years ago...thought it would of been implemented by now. Guess not!

I along with a lot of other people are really disappointed in Atlassian and I will no longer be evangelising their products. I'm mean really, 5 years and 200+ votes and it's not on their radar. It's really quite laughable.

A lot could of happened in 5 years, LDAP should of been one of them...