I agree with all comments above. This should not be default expected behavior. If you've used BMC remedy you'd notice this is not standard.

mwinsen: Thanks for the update. How about reopening this? It makes JSD 100% unusable for us.

Agreed. This needs to be reopened. If Atlassian consider this expected behaviour, then change it from a bug to an improvement request, and leave it open until the improvement is made. We cannot use JSD until this is fixed.

While this may be "Expected Behavior" it is also "Improper Behavior". As stated above, for users of LDAP, each person who logs into their companies Jira system needs to automatically be added to the jira-users group. However, most service desk customers, EVEN IF THEY ARE LISTED IN LDAP, do not need to be given a seat license as they may only be using Service Desk and not JIRA itself.

In our company, not everyone in LDAP is in JIRA. However, JIRA is growing, so we add people to it daily. The overhead of turning off the "Default Group Membership" and having to either hand make accounts or manually adding them to an LDAP directory would be horribly onerous.

As an example of this: Our outward facing Customer Service Representatives have no need for JIRA but do need a way to enter issues into JIRA for the development teams to work on. There are 4,000-5,000 of them. We thought that Service Desk would allow us to do this, but instead it takes up a license for each rep.

We originally thought of Service Desk but dismissed it due to the high license fees of having each customer cost a license seat (v.1). When you changed to a the v.2 system where customers do not count towards license, even though the cost for agents was high, we were willing to take another look at it with high hopes. However, it appears that you didn't change your pricing policy in Service Desk, you just changed it to affect JIRA instead of affecting Service Desk. Once again, we have to reject this plugin no matter its promising appearance.

We have about 50,000 users, the majority of whom will never access Jira. All of these users have access to Jira, and can create issues in any of our 3 front-line projects. We're looking at purchasing JSD for one of these projects, which is our main Helpdesk, which would handle probably 95% of all support requests. When they create a ticket in the Helpdesk JSD Customer Portal, they should be considered a Customer (which are unlimited and free in terms of licensing) and should not consume a user under our Jira license. However all of our 50,000 users still need to be able to login to Jira to create tickets in other projects. I could create a jira-ldap-users group in LDAP, but I'd still have to put all of our users in it, so this really would have no effect.

You could try handling the access to JIRA via a group in the LDAP side.
Adding users to a "jira-ldap-users" group in the LDAP server, and adding this group to the JIRA Users global permission. This way all LDAP users would have access to the Customer Portal and only the jira-ldap-users members would have access to JIRA itself.

malmeida: That would work, but our users also need to be able to access other Jira projects, which requires being a member of jira-users. A user who initially contacts our Helpdesk using the Customer Portal may later need to open a ticket in another (non-JSD) project using the regular Jira interface. Even users who never contact our Helpdesk will need to be in jira-users for accessing other projects. The solutions/workarounds being proposed simply aren't acceptable.

If you have the Copy on first login option enabled but NO groups in the "Default Group Memberships" field, the user will be created successfully in JIRA without any groups associated (not counting toward the license) and should have access to your customer portal if it has unrestricted access permissions.

ezhang: Please reopen this issue. It is a critical bug and you are wrong to close it as Not A Bug. This makes Jira Service Desk unusable for anyone using Copy On First Login. We'd need to license Jira for every "Customer" using Jira Service Desk, which are supposed to be unlimited and free.

Edward Zhang, i completely disagree with this. I originally answered to JSD-878, which is created first.

As i think - adding a customer to ServiceDesk calls to the same method, as adding regular user to jira. But it's a bit different. With ServiceDesk v2 license policy there is a new terminology - a customer, and this is a new behavior for jira service desk, as well as for jira itself. And i think there is have to be another method, or additional parameters to add customer to database (for example force restrict it to internal database, or pass additional params to method, and override default group membership) as it is not a user, it is a customer - an object (class) with completely different behavior, and one should not treat it as the same.