User Directory Information

If any external user directory such as LDAP is configured in Atlassian application, the behaviour of SSO will change according to the user directory permission.


Here are the behavioural changes listed for each directory permission type:

  1. Read Only directory

  2. Read Only with Local Groups

  3. Read/Write

Read Only


 

  1. User Creation:

    • User creation part will be handled by the external directory (AD/LDAP), miniOrange addOn will read synced users and take care of their authentication. If any new user tries to perform SSO, this error message will be shown to the user: "We couldn't sign you in. Please contact Administrator"

  2. User Profiles Mapping:

    • Profile Management and updating attributes will be handled in the external directory.

    • It is recommended to check the Disable Attribute Mapping option in the User Profile tab.

  3. User Group Mapping:

    • The groups of users will be handled in the external directory.

    • It is recommended to check Disable Group Mapping option in the User Group tab

  4. Default Groups:

    • It is recommended to change Assign Default Groups To settings to None

 

Read Only With Local Groups


  1. User Creation:

    • User creation part will be handled by the external directory (AD/LDAP), miniOrange addOn will read synced users and take care of their authentication. If any new user tries to perform SSO, this error message will be shown to the user: "We couldn't sign you in. Please contact Administrator"

  2. User Profiles Mapping:

    • The profile and groups of users will not be updated

    • It is recommended to check the Disable Attribute Mapping option in the User Profile tab.

  3. User Group Mapping:

    • Users can be added to or removed from local Atlassian application groups

    • If you're using On-The-Fly group mapping, the new groups will be created only if the Atlassian application's internal directory is a primary user directory

  4. Default Groups:

    • For the directory users who are logging in for the first time, the local Atlassian groups configured as Default groups in the user directory will be assigned, it is recommended to Change Assign Default Group To settings to All

 

Read/Write


  1. User Creation:

    • New users will be created in the primary user directory

  2. User Profiles Mapping:

    • The profile of users will be updated

  3. User Group Mapping:

    • The groups of users will be updated

    • If you're using On-The-Fly group mapping, the new groups will be created only in the primary user directory

  4. Default Groups:

    • Local and external directory groups can be assigned as default groups to all users. As all users are treated as existing users, it is recommended to Change Assign Default Group To settings to All

 

If you are looking for a different kind of behaviour for any User Directory Permission or need any help with setting up User Directory permissions, please reach out using the customer portal.