    • We collect Jira Service Desk feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for Jira Service Management Data Center. Using Jira Service Management Cloud? See the corresponding suggestion.

      Problem Definition

      We have not found a way to integrate AD with JSD, to automatically add and sync all users of a specific security group.

      Our understanding, from reading the documentation and from testing the service desk, is that currently customers have to "sign up", e.g. to create a new user, not integrated with AD and with a different password.

      Suggested Solution

      We would like to be able to use a specific AD security group, even Domain Users, to automatically add users to the JSD customers group, and to let these users use their AD credentials to log in to JSD.

      Note

      If you are using JIRA Server, then it's possible and please refer to JSD-4333.


            [JSDSERVER-1015] Active Directory integration for customers

            Sander Brienen [Avisi] added a comment -

            To me this seems more a bug than a suggestion! Customers from AD can login IF you add the AD group to the Customers role. The only thing not working is that you cannot add these customers to the Servicedesk and thus can not raise a ticket on behalf of the customer.

            It is also difficult to set the user as the reporter in the ticket itself, since it doesn't show up in the suggestions. But if you know the username Jira will still recognise the user.

            Deleted Account (Inactive) added a comment -

            Either one of two things need to be worked on for Jira SD. Either this (my preferred) needs to be implemented, or JSDSERVER-5227 "Make the Login-Free portal available on JIRA Server". We would prefer being able to connect our customers (which are all internal to our network) to use their AD to login. The Jira SD is our secondary service desk used only by one special team and having people create yet another account is cumbersome.

            Majken Connor added a comment -

            I think there is some confusion as this is the twin for a cloud issue that isn't a problem on server. JSDSERVER-5275 talks specifically about getting delegated authentication working for customers, it may be easier to get visibility on the issue to discuss it there.

            Joshua Shang added a comment -

            Hi @all do we have any sense of priority on this?

            We are working with an enterprise internal SD client, 1 data center clients and likely a second one coming in the summer.

            IT4Causes Administrator added a comment -

            I agree with Brian

            I'll paraphrase Brian to express my view...
            We are evaluating JIRA and strive to manage user authentication in as few places as possible, with AD being the primary. This IS a deal breaker for us unless Atlassian can provide assurance it's in the pipeline...

            Cristian Lopez added a comment -

            Has someone integrated the JIRA Service Desk user base with an external application?

            Mohnish Kumar added a comment - - edited

            I don't think that the above workarounds are any good. This problem is related to the cloud version of the product and as such, Vivek's workaround does not unfortunately work. There is no "User Directory" option within the user management screen.

            Boyan Angelov (Nemetschek Bulgaria) added a comment -

            Guys, there are workarounds for this, as explained in comments above, just use them. I believe Atlassian are not in a big hurry to do this, as it is complicated and there are working solutions to overcome it.

            Pawel Kozinski added a comment -

            We are also in transition from other tools to JIRA but having service desk without AD authentication is a big problem. Can there be an answer from Atlassian representative?

            Erick Grimmer added a comment -

            We are considering JIRA Service Desk on Demand but not having AD authentication is a deal breaker for us as our current solution has that capability so moving to JIRA would be a step backwards and require more work on our end. I would like a definite answer from Atlassian on if this is in the road map or not?

            Shane Johnson added a comment -

            There are multiple stories for AD integration and I'm not sure why they are all not linked...
            This is a huge priority, but it doesn't seem as though Atlassian cares about this as much as other features... If they only understood that getting this integration would gain them a LOT more customers\money maybe they would focus on it...

            Leo Yamasaki added a comment -

            Is there any work being done by Jira development team to implement this feature? or this is not on the road-map?

            Deleted Account (Inactive) added a comment -

            Same problem here. We want to limit our company users who are in a certain AD group to use the Service Desk. But this should happen without each user having to register or licenses counting up.

            This ticket has been open since October 2014 (!!!). I can not see why this should be hard to implement as a feature. Why is this taking so long? Don't we have enough votes for this?

            David Sokolowski added a comment -

            I have a client who is struggling with this as well. Here is the use case:

            • Using JSD for internal customers to log tickets via email without having to create an account first
            • Using AD for authentication on users who have logged in to create accounts

            So now we have a number of users with two accounts: the first they created automatically when they submitted a ticket and JIRA created a "public login customer" account in the local directory that doesn't use a license; the second if/when they login to JIRA proper, which pulls their AD credentials and creates a new account for them. Voila! Two accounts.

            I'm going to try @Casey's suggestion and will get back to everyone. But I wish this was a use case that had a more straightforward solution.

            William Rojas (Black Diamond) added a comment -

            Agree with Steven (hi btw). I think the main problem here is about creating the id for a new customer, especially when that customer has delegated AD id that ultimately is what will be used to authenticate that person.

            I ended up creating a new group in a single directory that 'receives' any new registrations (we are using Crowd with the default group adds option) but does not provide any authorizations (for either service desk or just straight JIRA) ... then once the users have an account id in Crowd, our admin team adds the id to the proper group that does grant permission to access the appropriate application.

            • Would be nice to have the ability to 'setup' a group of customers up front in bulk so as to avoid the New User registration email. With a delegated AD directory, I don't see a way to do this.
            • Being able to define a default group / directory where any new customer ids get added to would also be nice.

            Steven F Behnke added a comment -

            I'm not certain the description in this issue is accurate anymore. I think that this Suggestion is sort of a catch-all, "JSD doesn't work perfectly with all AD features."

            However, I have had no problem finding a solution specifically for authenticating users via external directories, for example through an Active Directory connected Crowd directory. There certainly are caveats when using external directories with JIRA Service Desk that need to be understood.

            I think the main issue resides in new customers/existing customers and where the users get created, since JSD only creates them in the first directory listed. This also has issues when using some configurations with some connector setups, since this might license users via the "Add to group on authentication" option. Finally, SSO is not supported with this product. I may be missing some of the issues.

            I'd encourage users who have specific problems to voice their use-cases here for Atlassian's benefit (as this is a Suggestion report) and ask for assistance on https://answers.atlassian.com or from https://support.atlassian.com. Feel free to mention me on an Atlassian Answers Question, I try to help out as time allows.

            Adam S. added a comment -

            Not really. Vivek Shah's steps above work. You could also create a dummy AD group and put all your users into that and just have that specific group imported into your jira customers. Otherwise when you go into groups setup, it lists everything which can be a bit messy.


            Chad Robards added a comment -

            So with the above info, is integration with AD for customers even an issue? I'm just working on getting my Service Desk set up, but it sounds like this is working, right?

            Steven F Behnke added a comment -

            I've solved this in a similar way for a customer. They are using Crowd and Active Directory. I think I have explained this properly but I may be missing information as I haven't spent a lot of time writing this comment, and it's been some time since I brainstormed/implemented it.

            • JIRA Users – One directory comprised of users that are JIRA users, allowing only the specified groups to authenticate through this application/connector. This directory has Default Group Membership to license them as JIRA users.
            • Service Desk Customers – One directory comprised of users that are customers, allowing only the specified groups to authenticate through this application/connector. This directory has no default group membership.

            Casey Feskens added a comment -

            I was able to accomplish this by allowing the JIRA LDAP search to import all users within our Active Directory instance, but did not add a default JIRA group to add them to upon import. With no default group, they are not added as licensed JIRA users, but do seem to be able to log in to the customer portal.

            Fringe Technology added a comment -

            Hi Casey - Please can you explain how you were able to add those accounts into JSD from AD? Are your 10,000 JIRA customers also licensed JIRA users? Thanks!

            Casey Feskens added a comment -

            Our users are able to log into the Customer Portal and submit and view their requests.

            Bhav added a comment -

            @Casey- Are your users able to log into the Customer Portal?


            Casey Feskens added a comment -

            We have 10,000 users in AD that are all exposed as customers to our JIRA Service Desk by not adding them to jira-users.

            Bhav added a comment -

            Hi,

            Any movement on this? At this stage we are unable to deploy the Customer Portal to our production environment and reap the benefits as our Customers do not have a mechanism to be able to sign in.

            Thanks


            Albert Hauksson added a comment -

            Please implement this! It's appalling for users that have already logged in through AD/Domain to have to log in again into JSD.

            Ethan Foulkes added a comment -

            We only have 50 employees in our company so may not be relevant for others but to get around this we just created accounts for everyone (delegated ldap for us) then added the service desk permission and removed them from the jira-users group. Now everyone already has an account that's linked to Active Directory and doesn't suck up a Jira License. Took an hour or two.

            Boyan Angelov (Nemetschek Bulgaria) added a comment -

            Very crucial feature for many potential customers!

            Simon Hill added a comment -

            I'll paraphrase Brian to express my view...
            We are evaluating JIRA and strive to manage user authentication in as few places as possible, with AD being the primary. This IS a deal breaker for us unless Atlassian can provide assurance it's in the pipeline...

            Ethan Foulkes added a comment -

            Oh man, please make this happen guys! I can't go telling people their passwords are different for this portal vs. all other Atlassian products....

            Vivek Shah added a comment -

            I have found a way around for this which is very cumbersome but a working solution, here are the steps :

            1. Under User Management Settings -> User Directories -> Set Up Your AD
            2. Once done, if a user logs in to service desk, they are added as Jira Users hence contributing to license count
            3. Here is where the hack comes in. Go to System Settings -> Roles -> Service Desk Customers -> Manage Default Members -> Select and Add all the groups created from AD configuration in step 1
            4. Now all these AD groups will be attributed to Service Desk Customers and will not be accounted towards your Jira user or Service Desk agent license

            Hope this helps to folks out there trying to achieve this, I had to spend several hours before I came up with this interim solution.


            Brian Shelden added a comment -

            We are evaluating JIRA and strive to manage user authentication in as few places as possible, with AD being the primary. This may be a deal breaker for us...

            Michael Bower added a comment -

            We are considering migrating to this from ServiceDesk Plus. This would be a huge help in doing that.

            Paul Stallworth added a comment -

            The sign up process and emailing invites is not a blocker for us going forward with JSD, but integrating customers with AD would be nice and provide us some flexibility in managing JSD customers. I would recommend that the customer account not be provisioned in JSD until the user attempts to log in. That would eliminate pulling inactive users, users that will never log in to JIRA, etc., into the database and (IMO) keep things a little cleaner.

              Unassigned
              Alessandro Riolo
              Votes: 277
              Watchers: 150