Authentication Options for Self-Hosted and Cloud Users (LDAP, AD, Crowd, SSO, SAML)

By Alexander Kahn posted 04-01-2015 15:13

  

Jama Software offers several options for authentication beyond our native simple-authentication method. However, the differences between these options can be subtle, and they tend to start looking a bit like alphabet soup to an uninitiated user. This article is meant to demystify those differences and what your options are depending on where your Jama Software instance is hosted; for more technical implementation details, please see our Help Guide or open a Support ticket.

Please note that, whichever authentication scheme you use, Jama Software will be unable to fall back on native authentication for any users; if you have any task-specific users in Jama Software (for example, a designated JIRA-to-Jama Software sync user), you’ll need to make sure that user has credentials in your external authentication system as well.

What Are My Options for a Self-Hosted Environment?
For our Self-Hosted environments, we offer the following options for authentication: LDAP, Active Directory, Atlassian Crowd, and SAML. Each is a single sign-on system and functions in roughly the same way; however, small implementation differences exist between them.

  • LDAP is our most commonly used integration, as it is a well-established open-standard protocol for providing identity and directory services.
  • Active Directory (AD) is a Microsoft Windows-based implementation of LDAP; its management is tightly integrated into Windows and may be a better choice if your organization is already familiar with administering Windows Server machines. Its implementation in Jama Software is essentially the same as LDAP’s and should behave equivalently.
  • Crowd is Atlassian’s web-based directory service. It features the most robust user interface and has a few extra features (such as the ability to batch-import users and groups into Jama Software).
  • SAML is available only for versions released after 8.31 and offers a simple solution that requires much more direct interaction between the user and the authentication system. 
  • Multi-Mode Authentication is the combination of our Default Authentication process and SAML, which gives you the ability to separate your internal users from your external partners, vendors, and contractors. Multi-mode authentication provides an extra layer of protection for external users so they can be part of the requirement, approval, and tracking process in Jama Connect.

 

What Are My Options for a Cloud Environment?

SAML End-of-Life Final Notice

In our Cloud offering, we offer SAML and Multi-Mode Authentication. Rather than passing the user’s username and password to the authentication system and receiving a verification token back, SAML redirects users to a third-party authentication provider to input their credentials. This means that Jama Software does not handle any credential information at all, but it requires more direct interaction between the user and the authentication system. This exchange is generally handled by a third-party identity provider rather than by an in-house administrator.

updated content: 8/12/2023

Comments

09-17-2018 19:26

We have a problem that can only be fixed by SAML and are very disappointed Jama on-prem does not offer this.

08-26-2015 02:38

Alexander, thanks for your statement!

Cheers,
Sebastian

08-25-2015 12:02

Hi Sebastian,

Thanks for the question! Jama's LDAP/AD authenticator does not support true single sign-on through a secondary application, mostly because we want to avoid earmarking floating licenses for users who are not actually using the system. There may be third-party tools which can negotiate the sign-on process once a user hits the login page, but I don't know of any off-hand and can't say whether they'd be compatible with Jama.

Our SAML implementation, described above for our hosted environment, works as you've described by authenticating a user in the background only after he or she has navigated to the Jama application. I'm not aware of any plans to port that service to our on-premises application at this time.

Cheers,
Alexander

08-24-2015 08:24

Alexander, is it possible to enable an automatic sign-on (real single sign on) for JAMA? 

I would expect that JAMA takes the MS Windows credentials automatically. Thus, the login page would be obsolete. We have to change our passwords regularly. And it takes some time to adapt all passwords in all applications. However, our IT department introduced some new tools which use the Windows login to log into the application automatically (e.g. MS Sharepoint). Is this also possible for JAMA?

We are using LDAP/AD and an on-prem installation.

Best regards,
Sebastian