All options in the advanced menu have standard values. You don't need to change any of these values if you're not sure.

  1. For the start – leave Kerberos authentication unchecked

     Why do we suggest leaving Kerberos unchecked?

    Kerberos is notoriously fickle, and in many scenarios doesn't work by design.

    NTLM works where Kerberos doesn't. It makes sense to get NTLM working before proceeding to configure Kerberos.

  2. For the start – leave Log4J logging option unchecked.
  3. Set log file location.
  4. Set logging detail level. 

     Logging levels explanation...

    Recommended log level for testing is 4 - this will display requests and responses, DNS queries as well as details of communication with Domain Controllers.

    For production use levels 1 or 2 is recommended.

  5. Specify DNS name of your domain e.g.

     Windows: How to find/confirm the name of your domain...


  6. Consult with your Domain Administrator if use of "AD Site" is necessary

     What is AD site...

    Nowadays organisations often use multiple redundant Domain Controllers. They are often organised in groups known as"sites". While an End User workstation may be capable of "seeing" all Domain Controllers and connect to all of them for the sake of disaster recovery, a server often is only able to connect to the closest site (probably co-located in the same datacenter). Your Domain Administrator should be able to identify the name of the site EasySSO should use to discover all available Domain Controllers that are actually useable.

     Windows: How to identify what sites are available...

    You can attempt to list all sites available to you by running the following command from command-line:




    In the example above there is only one Domain Controller and it is in the site "Default-First-Site-Name". 
    This would be the value to insert into EasySSO parameter "AD Site" in the config screen.
  7. Canonical user account form depends on the format of usernames used in JIRA. Please read IOPLEX Jespa Operators Manual about this. Most installations will use canonical form=2 eg for usernames like "johndoe".
  8. Please specify your login location for fallback when authentication cannot be completed successfully eg /jira/login.jsp



Pair EasySSO with User Management for JIRA and Confluence. Visit the Atlassian Marketplace for more information.





EasySSO articles

Purchase from the Marketplace

EasySSO for JIRA, Confluence, Bamboo, Bitbucket and Fisheye/Crucible