True that...

Hey... any news .. Single source of true is needed for a running company  

Also voting for this! Let me know if there’s a beta

ADFS Support, please.

Any Ldap-based thing should work...

Azure AD is already on the way with identity manager, but if there are other directories...just take LDAP.

I would like to cast a vote for JumpCloud integration.

any news on that?!

Jumpcloud would be of interest to us

1. PA-41407

Thats awesome, was not aware

However, of course, there is a caveat of having to pay for another product. Nickle and dime...

charles1094789006 ID-80 is in beta.

Another vote here. What is so hard about SAML and ADFS? https://msdn.microsoft.com/en-us/library/bb897402.aspx 

Glad this enhancement is moving!

Jumpcloud would be great and help us out!

It would be great if we have ADFS support. 

Thanks Nick... they are on our backlog to work with after initial deployment.

'Ping' would also be another valuable one to add to the list.
https://www.pingidentity.com/en.html

Hi everyone,

Thanks so much for all your votes, feedback, and comments. Here's a quick update on the status of this feature.

Atlassian Cloud Identity platform is actively developing a suite of External Directory Sync APIs. Whilst we don't have a confirmed delivery date at this stage it is currently under way.

We are currently implementing our APIs using the SCIM standard. If you have a strong preference for another way of doing an external directory sync it would be great to hear that in the comments below.

We are actively working with the following cloud identity providers to support their platforms with our solution:

• Microsoft AzureAD
• Okta
• OneLogin
• Centrify

If you have a specific desire to include a specific cloud IDP we would love you to call it out in the comments below.

Here's another upvote for this request.  How many do you need to set the priority higher?

+1

Also wondering how why this very basic feature is not implemented

Feature Request

Prohibitive security practices prevent me from opening access to corporate LDAP.

I'd like to be able to take a dump from an LDAP query from behind my prohibitive security and then feed this into Jira Cloud via a daily POST from cron.

Hi, I have a need for LDAP specifically because I want to have a distributed team, which is a mix of contractors and employees (i.e., with different @xayz.com email addresses), who also access other cloud resources that support LDAP, while we manage identities and access from a DAAS.

I do not want to manage the JIRA server, and am happy to pay the ongoing access fee, hence why the LDAP support in the server version, isn't as desirable as it is in the cloud version.

Bump. Would really like some kind of directory integration for the cloud solution. I don't care if it is LDAP or SAML 2 or whatever, just please add something soon.

Integration with AD may be too much of a security risk for us. However, when we perform a backup on our self-hosted solution, and then do a restore to our cloud version, it would be nice if that process included all the AD users, even if only a part of the information, such as username. Then, we can fill in the rest of the information on the cloud side. This would be a useful tool as a start. We would probably never use it, since we are in the process of migration now, and don't plan on doing this again.

+1 +1 +1 +1

I really can't understand why it takes so long to Atlassian to recognize this is a top priority for so many companies. In theory, Atlassian monitors these issues, and modulates the new features road-map based on how many votes gets each. So, @Atlassian, do you hear us? Can you provide/update your official statement from 2014? So many things have changed, that I find incredible that an issue with 719 votes (so far) gets silenced.

My company has begun using several Atlassian applications recently, and we're very happy in general. We were hoping to add JIRA Service Desk (Cloud version) as well, but I can't see doing it without LDAP / AD integration. We're a large company and need a simple way to pre-populate certain user information. If we try to introduce a solution that would require users to enter all their personal info manually, we'd never get out of the starting blocks.

My hypothesis is that, for a number of business reasons, SAML 2.0 is Atlassian's top priority Identity Management solution going forward. I understand why that might be the case.  But lack of LDAP as an external solution for Identity Management in the Atlassian Cloud forces us to host our own servers.

On a related note, I predict that Crowd will be phased out at some point in the future. That's too bad for us; We used Crowd and LDAP connectors for Single Signon to our integrated suite of Atlassian applications and we're not a position to support SAML 2.0.

Hi,

+1

The usage of LDAP Authentication is really critical for companies. JIRA has already 3rd party authentication and you have the LDAP integration at the self hosted version. Maybe you can start with a simple LDAP login without role management, this should be easy for you? 

This ticket is unmoderated and ignored since years? Can you give at least a moderation or a ETA?
In the votes for the tickets there are lot of companies who need the LDAP / AD support as well. It needs 8 years to implement a feature which is critical for companies. 

Please consider to implement this feature

Please notice that SAML SSO is already available. See the below documentation for details:

• SAML single sign-on

Best Regards,
Dario
Atlassian Cloud Support

Shane- thanks for the response about OneLogin. Yes we are hoping for SAML as well. I cast my vote for that.

~nbennett :

I would recommend against that. Essentially it is a "password vaulting" solution - the passwords for accounts are retained by OneLogin and are replayed by browser plug-ins.  ID-80 using SAML 2 integration (if they ever iron out all the problems) is a far better solution if that's what you need. It still won't give you deep AD integration, though - you would still need n identity solution if you need to do any group management, attestation or privileged account management.

Atlassian's cloud documentation (link below) states  "To connect AD to Atlassian Cloud you can try Secure access add-on by OneLogin."

https://confluence.atlassian.com/confeval/other-atlassian-evaluator-resources/atlassian-cloud-authentication-saml-sso-google-apps-atlassian-account-and-ldap

It is not clear from the soft wording in that statement that this actually works (note the word "try" ). Has anyone had any success doing an LDAP integration with Atlassian Cloud using this OneLogin add on that is mentioned above? https://www.onelogin.com/connector/atlassianondemandonelogin

LDAP authentication will be critical requirement, since it provides good security on access management / user management.
Kindly consider the same

Hi remash.palikhe,

The documentation you are pointing to is for Server. While this request is to have the same functionality added to Cloud.

For details see:

• Pros and Cons of Cloud vs. Server

Best Regards,
Dario
Atlassian Cloud Support

hi Guys, 

Can you please check the link below ? 

It guides you how to configure LDAP directory . 

https://confluence.atlassian.com/adminjiraserver071/connecting-to-an-ldap-directory-802592350.html

Only problem I have is I cannot get to User directory section because I need Global permission . 

I dont know why this guide is there in the internet if LDAP is not possible. 

Please let us know . 

Regards

Remash

Thank you Steven for the update, that might be just what we need to allow our I.T. team to migrate to using one ticketing eco-system away from the multiple that we use now. 

grimmere774762777, SAML is coming, see the related issue ID-80. Raw LDAP would likely be much more difficult.

This request is 8 years old? Should I even bother voting at this point? 

We need ADFS!

@dbonotto - you guys already have an LDAP / AD authentication plugin. you even wrote it. it's there. I've seen it. I actually even use it. it works. it's really easy. simple to set up. It's probably all everybody wants.

and - just to say it again - it's already there.

now why don't you just make it available in the cloud as well? or at least please give a reason why this isn't happening.

Hi claudia.franke1031236111,

Have you seen:

• SAML single sign-on for Atlassian account
• Configuring SAML for Atlassian Cloud Apps – OneLogin Help Center
• Tutorial: Azure Active Directory integration with Atlassian Cloud - Microsoft Docs

Best Regards,
Dario
Atlassian Cloud Support

The AD integration is absolutly vital to consider your application as cloud ServiceDesk. Everything else is too high maintenance and might be a deal breaker.

Being SSO compatible is considered by management a basic requirement for all state of art software.

Before you sign up for that SAML beta, you might want to read this item: https://jira.atlassian.com/browse/ID-6213

That's the managed account upgrade that Atlassian have paused, for reasons that include customers complaining about losing control of their password policy.  The domain claim system you need to follow for SAML appears to be the same as for the managed account upgrade, and it comes with at least one of the same security concerns.  From the SAML page that Trent linked to: 

"SAML supersedes any password policy, meaning your policy is essentially "skipped" in the login process. When setting a password at id.atlassian.com (for use with API integrations) the policy will apply"

Only domain users (i.e. ones who have an email address that matches your claimed domain) can use this SAML implementation, but the notes don't say whether the password policy is also superseded for non-SAML users.

Hopefully Atlassian will clarify the notes, or reply to this comment.... 

Have you seen this?

https://confluence.atlassian.com/purchasing/saml-single-sign-on-for-atlassian-account-860002668.html

I think Atlassian may have an answer to this issue now!

they are ignoring this for > 7 years.

I'm not optimistic ...

Come on JIRA team... this is really important one.. do you want to play in the enterprise space or not?

Active Directory - or LDAP - integration is a hugely beneficial feature of server-based Confluence and JIRA.

Lack of this capability in cloud JIRA and Confluence is a huge pain-in-the-butt that dramatically increases our management burden when adding or deleting users.

It is baffling to me why this feature - so common in other SaaS like Salesforce - is missing from Atlassian Cloud.

Confluence is a great product but lack of integration with Active Directory is weird. Most other major web solutions has possibilities for AD integration. I have great problem giving access to users working outside normal working hours.

Damn, this was a problem for me two companies ago. I figured they would have solved this problem by now. What a pain.

maybe helen could update her 2-year-old statement, just to know if it's still being ignored (but then we'd know explicitly) or something changed?

we self-host confluence, but cloud-host jira, and this is a pain a lower body part, to put it politely.
atlassian, it can't be that hard, you already have it for the self-hosted solutions.

you are building a weird reputation with your products - they are great, but feature requests that are stone-old and really straightforward are completely ignored.

Has there been any positive updates?

Has anyone tried a product like this: https://www.onelogin.com/product/directory

If so, did it work for you?

Totally disappointing. This is a user experience neg, and will require our own IT administration to have to be trained on a new/different set of procedures to reset a password for just for Atlassian cloud applications. Additionally, to sync users (not passwords) to the cloud, they need to integrate and maintain (yet) another piece of infrastructure.

All of these things, man hours to integrate, maintain, and support cost money via man-hours.

I bet that Atlassian knows this, and are intentionally NOT going to implement this functionality so that Atlassian "experts" get a piece of the action, and then subsequently charge anywhere from triple to quadruple the cost of Atlassian's own solution.

Not supporting LDAP out-of-the-box makes me think that there is some home-brew solution behind the curtains. While it might be justified, it still suggests poor engineering and decreased security - why reimplement something that's already been written & tested by thousands?

I agree with the sentiment above. LDAP integration is mandatory security requirement for enterprise business and not supporting it in the Cloud offering is a deal breaker.

I'm disappointed this isn't higher on the feature list.

Me too - looking at rolling Confluence into the company I've just joined (as I did at the last two). Cloud seems a good way to go - or did, until I realised there's no LDAP integration. Really? I would've thought AD/LDAP auth for SaaS enterprise software was pretty much a ticket to the game, these days.

Same for my organization. Without this feature we will not be able to switch to the cloud hosted Atlassian suite.

Hello there,
Is there any ETA on this ticket please? We are really interested in switching to the cloud for both Jira and Confluence, but LDAP integration is a show stopper for us. At least if you can give and ETA please? Thanks

I've been an Atlassian advocate for a very long time, but I'm starting to consider getting my department off of Atlassian products. Ignoring enterprise requirements, insufficient investment into Cloud, and doubling pricing for on-prem installations is a sure way to frustrate even the most loyal customers.

I'm a consultant who had been looking at Confluence and JIRA as possibilities for several client situations. I stopped my review because of this situation - lack of integration with LDAP. Sorry folks. The name of the game is speed. When any possible solution imposes too much work on my clients, they/we go a different direction. Although obviously true, it's a bit unbelievable that Atlassian hasn't listened to customers for almost two years on this. Maybe it's an unpublished priority NOT to provide this functionality for some reason.

WOW! make that FIVE lost sales, i have been charged with replacing our code review tools for the team , we already use Jira server, but i can't recommend this without authentication that ties in with our existing corporate infrastructure.

PAYING CORPORATES NEED THIS.

Yes, indeed another supporter of this feature.

You (Atlassian) really need to bump this up the priority ladder! This is now the 4th business I have been in within as many years that requires this feature. Duplicating groups across from AD to Atlassian is a time consuming task and a manual one at that. In a world increasingly more automated and with security in mind, It is simply unacceptable for Atlassian to continue to see this as low priority task.

It really is about time the Cloud based products grew up and offered this feature and quickly too!

Thanks

D

Yet another, been waiting for years for this to be supported. As with so many of your customers, we're now actively looking to move away from JIRA, service desk, confluence and bamboo. Shocking

I am shocked this feature isn't a priority after many years. It would help us greatly.

"If our backlog changes and this becomes a priority" - it might not be a priority for you, and it's largely an annoyance rather than a show stopper for day-to-day users, but for a lot of people who make purchasing decisions it's a red line.

This might be one of those times when user feedback isn't the issue, it's feedback from people who might have paid for JIRA rather than (e.g.) TFS, but who've ended up going with TFS. The decision makers who control the software budgets are your primary stakeholders here, no-one else.

We need te connect our active directory for jira, portfolio and service desk cloud to avoid redundant user accounts. Thank you.

Thanks for your great products.
Please, can you add Active Directory to BitBucket Cloud edition ???
We need it !!!

It does not. You cannot use Crowd in a Cloud installation

Does anyone know if Atlassian Crowd will resolve this issue?

LDAP authentication is an absolute requirement for my company to utilize tooling. No LDAP integration = no purchase.

See ID-80 for a response from Atlassian - top blue panel and supporting comments from today:|.

I wish this was an official JIRA change, but it's not. I worked around the feature gap by writing a script that uses the JIRA API to get all active users and compares them against an internal Active Directory. Anyone not active in AD is deactivated in JIRA. It's not perfect, but it does the trick. Source code is shared on GitHub: https://github.com/katonahmike/jira-ldap-sync

You got me excited then, until I realised that you are not talking about an official change

I needed to do some cleanup to make this available for public consumption. It's close. I should have something to share before Friday.

This is a blocker for us. We would sign-up tomorrow if it was in place. For now we are stuck with on-premises and multiple VPN tunnels.

Let's hope...

Thanks @michael.hicks
I have a feeling this could be a game-changer for many of us.

I'll post the script on Github later this week

@michael.hicks any chance of you sharing that script on github minus of course the proprietary info? Just knowing it can be done in the painful interim is extremely helpful. I might be following in your footsteps on that one, especially if it could be modified to add the user group information.

+1

I also work at a large organization, and lack of authentication against a central authorization server is painful. The workaround we're using is a script that calls the Atlassian API to check all users in JIRA against our AD server, and highlights any JIRA/Confluence user who is no longer active in AD. Unfortunately this doesn't work for BitBucket.

It would be really nice to see expanded authentication support.

I thought I would provide a perspective from a large organization that uses LDAP and has been evaluating Atlassian cloud as a potential SaaS, we would not be proceeding with a trial as we see no LDAP integration with the cloud as a show stopper. We already run a hosted solution with LDAP integration for 2000+ users.

I would love to hear of any work around for LDAP or SAML integration with the cloud.

The two issues are functionally equivalent, although I originally asked for LDAP integration several years ago.

I think the SAML ID-80 issue is more important, however there does need to be some easy way to provision new users. Actors in a workflow system such as the issue management part of this may need to exist in the system before they first access the system. I've not looked at the provisioning APIs of Atlassian Cloud, because quite frankly, we're migrating away from it. Why are we migrating away from it? A combination of things - but we've outgrown the usability component of it, don't like the billing model, and don't like the way that issues such as this, ID-80, and that appalling round logo issue in Confluence linger - the responses to which show what kind of disdain they treat intelligent customers.

Good luck with the IPO guys - I'm sure the co-founder CEOs that are the darlings of the Australian media will get mega-rich, but not sure what the future holds when most new products seem to be clunky additions to JIRA.

Well, to be fair. This issue was opened in 2009 and the SAML issue was opened in 2014. But at the rate of attention that Atlassian is giving it, the solution may end up actually using oAuth7. /sigh

Remember there are two related issues in the Identity project (linked above, but reprinted below)...So, it's a heck of a lot more than 400 votes on just ID-79;-|. For whatever reason, this ticket has gotten more viewers/comments than the other one. Either way, yes, SAML or OpenID are the standards. No modern anyone would expect a direct LDAP integration.

https://jira.atlassian.com/browse/ID-80

I agree! I don't think direct LDAP integration would be ideal, it should be SAML or OpenID. Regardless, it's nearly impossible to deploy Cloud to my entire organization, it would become a support nightmare without some sort of SSO capability. I suppose I could go with on-prem Altassian products, but I'm trying to avoid managing any additional servers.

Another thing, and why is this ticket only a "Suggestion"??? There is not a single enterprise company out there that would not want this.

Paul,

@@#$#$^## is an understatement but I'm with you.

The Summit emphasis was on their Cloud products and growing out that infrastructure, yet made not a single mention of LDAP integration. The lack of a proper acknowledgement on critical needs such as this (and this applies across their products) is unacceptable for a company that prides itself on acting on customer feedback. I am well aware there are tons of custom-type feature requests from customers and those cannot be made a priority. However, all of my pending requests (check your records) are for needs or fixes that are critical to Continuous Integration.

Through some other channel I got a cryptic message that they recognize this as an issue and are working on it, but it was very nebulous. Still, why not comment here about it?

Its got more than double the votes of the next most voted for issue in the Identity project. Why this has not gained any traction mystifies me. Please Atlassian - throw us a bone here. Are you working on it and if not, why not?

This really does need escalating, or at least a clear reason for why it has not been prioritized.

@ronchan: Since you were at the summit this month, what was the general statement made by Atlassian on this topic? Did they have anything to say at all?

I'm not even sure Ms. Helen Hung is the PO for the product, but regardless this old status needs some love please!!!!???@@#$#$^##

Can someone please explain to me how a 6 year old request with nearly 400 votes doesn't get a single response from Atlassian? Our company's plan to move to the Atlassian Cloud has been on hold for 2 years running and our patience is wearing quite thin. I've attended the Summit for the last 3 years (this year was likely my last) and not surprisingly, a large number of enterprise customers I have spoken to have expressed the same frustration. Many have moved on (Jenkins seems to be a popular choice) and the rest are on the verge of doing the same, including us. I can only imagine how much revenue from Enterprise customers you're losing for not even addressing this critical need.

https://www.atlassian.com/company/about/events/summit/2015/sessions/?session=28923
https://www.atlassian.com/company/about/events/summit/2015/sessions/?session=28624
https://www.atlassian.com/company/about/events/summit/2015/sessions/?session=31070

I assume these are all for on-premise? I'd love to see how they did it otherwise.

Atlassian, about to go IPO, is valued @ $3.3BB and yet continues to hold on this feature. I don't see how implementing Atlassian ID across its products outweighs the general market expectation for the organization to act as an identity provider via saml...

Anyway, anyone here have information from the summit on this topic, please do share.
https://www.atlassian.com/company/about/events/summit/2015/sessions/

We've been using Atlassian Cloud and are about to scale up to thousands of users, however without some sort of SSO/Identity integration it is a deal breaker. This should be standard on any cloud offering, I'm amazed that Atlassian are happy to let so much revenue slip through their fingers.

Our company certainly wants it; it's a pretty big deal breaker for a lot of people.

Have faith; Summit is 2 days away! I mean, don't hold your breath or anything but we can hope!

I cannot believe this isnt done yet, everything has at least LDAP.

re:

I was ready to begin planning my company's move to Atlassian cloud services until I discovered this. I hope Atlassian will prioritize this soon. It's a glaring hole in your feature set, and one that many service providers upon which I relay have long since solved.

Please be patient Stephanie Simpson. This issue was only raised 7 years ago.