Jama Software offers several options for authentication beyond our native simple-authentication method. However, the differences between these options can be subtle, and they tend to start looking a bit like alphabet soup to an uninitiated user. This article is meant to demystify those differences and what your options are depending on where your Jama Software instance is hosted; for more technical implementation details, please see our help guide or open a Support ticket.
Please note that, whichever authentication scheme you use, Jama Software will be unable to fall back on native authentication for any users; if you have any task-specific users in Jama Software (for example, a designated JIRA-to-Jama Software sync user), you’ll need to make sure that user has credentials in your external authentication system as well.
What are my options for an on-premises environment?
For our on-premises environments, we offer three different options for authentication: LDAP, Active Directory, Atlassian Crowd and SAML. Each is a single sign-on system and functions in roughly the same way; however, small implementation details exist between the three.
- LDAP is our most commonly-used integration, as it is a well-established open-standard protocol for providing identity and directory services.
- Active Directory (AD) is a Microsoft Windows-based implementation of LDAP; its management is tightly integrated into Windows and may be a better choice if your organization is already familiar with administering Windows Server machines. Its implementation in Jama Software is essentially the same as LDAP’s and should behave equivalently.
- Crowd is Atlassian’s web-based directory service. It features the most robust user interface and has a few extra features (such as the ability to batch-import users and groups into Jama Software).
- SAML is available only for versions released after 8.31 and offers a simple solution that requires much more direct interaction between the user and the authentication system.
- Multi-Mode Authentication is the combination of our Default Authentication process and SAML, which gives you the ability to separate your internal users from your external partners, vendors, and contractors. Multi-mode authentication provides an extra layer of protection for external users so they can be part of the requirement, approval, and tracking process in Jama Connect.
What are my options for a cloud environment?
In our hosted offering we offer SAML and Multi-Mode Authentication. SAML will pass the user’s username and password to the authentication system and receive a verification token back, SAML redirects users to a third-party authentication provider to input their credentials. This means that Jama Software does not handle any credential information at all, but it requires more direct interaction between the user and the authentication system. This exchange is generally handled by a third-party identity provider rather than by an in-house administrator.
updated content 11/8/2018