View Source

If any external user directory such as LDAP is configured in Atlassian application, the behaviour of SSO will change according to the user directory permission.

Here are the behavioural changes listed for each directory permission type:

Read Only directory
Read Only with Local Groups
Read/Write

Read Only

User Creation:
- User creation part will be handled by the external directory (AD/LDAP), miniOrange addOn will read synced users and take care of their authentication. If any new user tries to perform SSO, this error message will be shown to the user: "We couldn't sign you in. Please contact Administrator"
User Profiles Mapping:
- Profile Management and updating attributes will be handled in the external directory.
- It is recommended to check the Disable Attribute Mapping option in the User Profile tab.
User Group Mapping:
- The groups of users will be handled in the external directory.
- It is recommended to check Disable Group Mapping option in the User Group tab
Default Groups:
- It is recommended to change Assign Default Groups To settings to None

Read Only With Local Groups

User Creation:
- User creation part will be handled by the external directory (AD/LDAP), miniOrange addOn will read synced users and take care of their authentication. If any new user tries to perform SSO, this error message will be shown to the user: "We couldn't sign you in. Please contact Administrator"
User Profiles Mapping:
- The profile and groups of users will not be updated
- It is recommended to check the Disable Attribute Mapping option in the User Profile tab.
User Group Mapping:
- Users can be added to or removed from local Atlassian application groups
- If you're using On-The-Fly group mapping, the new groups will be created only if the Atlassian application's internal directory is a primary user directory
Default Groups:
- For the directory users who are logging in for the first time, the local Atlassian groups configured as Default groups in the user directory will be assigned, it is recommended to Change Assign Default Group To settings to All

Read/Write

User Creation:
- New users will be created in the primary user directory
User Profiles Mapping:
- The profile of users will be updated
User Group Mapping:
- The groups of users will be updated
- If you're using On-The-Fly group mapping, the new groups will be created only in the primary user directory
Default Groups:
- Local and external directory groups can be assigned as default groups to all users. As all users are treated as existing users, it is recommended to Change Assign Default Group To settings to All

If you are looking for a different kind of behaviour for any User Directory Permission or need any help with setting up User Directory permissions, please reach out using the customer portal.