User directories

User directories are what Jira uses to store information about users and groups. A user directory is backed by a user repository system, such as LDAP, a database, or a remote user management system, such as Atlassian Crowd.

You can have multiple user directories in Jira. This allows you to connect your Jira instance to multiple user repositories. For example, you can have an LDAP directory for your internal users and the Jira internal directory using the database for external users. An example is given in the following screenshot, where we have three user directories configured. The first user directory is the built-in Jira Internal directory running on the Jira database. The second user directory is connected to the Microsoft Active Directory (Read Only) in read-only mode. The last user directory is connected to Atlassian Crowd, user identity management software from Atlassian:

As a Jira administrator, you can manage user directories by performing these two steps:

  1. Browse to the Jira administration console
  2. Select the User management tab and then select the User Directories option

From there, you can see the list of user directories you currently have configured in Jira, add new directories, and manually synchronize with the remote user repository.

When adding a new user directory, you need to first decide on the directory type. There are several different user directory types within Jira:

  • Jira internal directory: This is the built-in default user directory when you first install Jira. With this directory, all the user and group information is stored in the Jira database.
  • Active directory (AD)/LDAP: This is used when you want to connect Jira to an LDAP server. With this directory, Jira will use the backend LDAP to query user information and group membership. This is also known as an LDAP connector and should not be confused with the Internal with LDAP authentication directory type.
  • Internal with LDAP authentication: This is also known as a delegated LDAP. With this directory type, Jira will only use LDAP for authentication and will keep all user information internally in the database (retrieved from LDAP when the user successfully authenticates for the first time). This approach can provide better performance. Since LDAP is only used for authentication, this avoids the need to download larger numbers of groups from LDAP.
  • Atlassian Crowd: If you are also using Atlassian Crowd, a user management and Single Sign-On (SSO) solution, you can use this directory type to connect to your Crowd instance. With this option, you can also configure your Jira instance to participate in the SSO session.
  • Atlassian Jira: Jira is capable of acting as a user repository for other compatible applications. If you have another Jira instance running, you can use this directory type to connect to the other Jira instance for user information.

When you have multiple user directories configured for Jira, there are a few important points to keep in mind. The order of the user directories is important, as it directly affects the order in which Jira searches for users and applies changes to users and groups. For example, if you have two user directories and both have a user called admin with different passwords, this will have the following effects:

  • When you log in to Jira with the user admin, you will be logged in as the admin user from the first user directory that is able to validate the password, in the order of listed directories.
  • After logging in, you will be granted group membership from the directory that has validated your password. Any other directories will be skipped.
  • If you make a change to the admin user, such as changing the full name, then the changes will only be applied to the first directory Jira has write access to.

Another important point to remember when working with user directories is that you cannot make changes to the user directory when you are logged in with a user account that belongs to the said directory. For example, if you are logged in with an LDAP account, then you will not be able to make changes to Jira's LDAP user directory settings, since there is the potential for the new change to actually lock you out of Jira.

Always have an active administrator user account ready in the default Jira internal directory, for example, the account created during the initial setup. This will provide you with an administrator account that can help you fix user directory problems, such as the preceding scenario. If you have a user account with the same name in the other user directory, then the internal directory should also be the first one in the list.
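
The ordering rules and the recovery-account advice above can be modelled in a few lines of Python. This is an added example, not code from the book or from Jira: the Directory class, the function names and the sample directories, passwords and groups are all constructed for illustration, and the model assumes a change is written to the first writable directory that holds the user.

```python
from dataclasses import dataclass, field

@dataclass
class Directory:
    name: str
    writable: bool
    internal: bool = False
    users: dict = field(default_factory=dict)  # username -> (password, groups)

def login(directories, username, password):
    """Return (directory name, groups) from the first directory, in list
    order, that validates the password; later directories are skipped."""
    for d in directories:
        entry = d.users.get(username)
        # Equality is a stand-in for the directory's own password check.
        if entry and entry[0] == password:
            return d.name, entry[1]
    return None

def write_target(directories, username):
    """Return the first directory, in list order, that is writable and
    holds the user (assumption of this model)."""
    for d in directories:
        if d.writable and username in d.users:
            return d.name
    return None

def shadowed_internal_accounts(directories):
    """Usernames held by the internal directory and by a directory listed
    before it: the case where the internal directory should be first."""
    found, earlier = [], set()
    for d in directories:
        if d.internal:
            found += sorted(u for u in d.users if u in earlier)
        earlier.update(d.users)
    return found

# Constructed sample data: the same username in two directories.
LDAP = Directory("Active Directory (Read Only)", writable=False,
                 users={"admin": ("ldap-pass", ["domain-users"])})
INTERNAL = Directory("Jira Internal Directory", writable=True, internal=True,
                     users={"admin": ("local-pass", ["jira-administrators"])})

if __name__ == "__main__":
    order = [LDAP, INTERNAL]
    print(login(order, "admin", "ldap-pass"))
    print(login(order, "admin", "local-pass"))
    print(write_target(order, "admin"))
    print(shadowed_internal_accounts(order))
```

With the LDAP directory listed first, the group membership granted to admin depends on which password was entered, and the audit function reports admin as a name that calls for moving the internal directory to the top of the list.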