I am currently using JIRA Atlassian Data Center and wanted to clarify the proper process for creating user accounts. As per the application team, JIRA accounts are managed at the account level and are created through LDAP. I noticed that when I create an account manually, it is temporarily available but gets removed after the next aggregation/sync.
Could someone please provide the correct procedure for creating JIRA accounts via SailPoint, ensuring they are properly provisioned in LDAP and retained after aggregation?
Hi @AMANSINGH12 , can you explain a bit more about the issue here?
Do accounts get created successfully in Jira and are removed natively? Or do they show as created in SailPoint and removed on the next aggregation as they do not exist in Jira?
When you say you are creating the accounts manually, do you mean in Jira or in SailPoint? If the account does not exist in Jira (i.e., in LDAP), then during aggregation SailPoint will detect that there is no corresponding identity link and the account will be removed.
If Jira is syncing via LDAP, you can create accounts in LDAP via SailPoint and then Jira will sync from there. It would mean that SailPoint doesnt need direct Jira integration. If the goal is to get away from LDAP sync, then Jira settings should be updated to allow local accounts as well as LDAP sync accounts.
Remember that Jira does not usually transfer profiles, meaning the LDAP sync’d account can not be converted to local. So, be mindful of disabling LDAP sync with Jira.
@AMANSINGH12 If AD is the source of truth for Jira, then you should avoid create local accounts via Sailpoint or directly in Jira. It creates a security nightmare where users persist in Jira but not in Active Directory. Also, note that after IIQ creates the LDAP account, there is a “blind spot” until Jira syncs with LDAP and IIQ aggregates Jira account.
If you want to do it via IIQ, you want to coordinate with Jira team to change user directory settings in Jira.
Note: Found a fix?Help the community by marking the comment as solution. Feel free to react(,, etc.)with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.
